summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17798: Beginnings of a standalone libaddns library released underGerald Carter2-3/+275
the LGPL. Original code by Krishna Ganugapati <krishnag@centeris.com>. Additional work by me. It's still got some warts, but non-secure updates do currently work. There are at least four things left to really clean up. 1. Change the memory management to use talloc() rather than malloc() and cleanup the leaks. 2. Fix the error code reporting (see initial changes to dnserr.h) 3. Fix the secure updates 4. Define a public interface in addns.h 5. Move the code in libads/dns.c into the libaddns/ directory (and under the LGPL). A few notes: * Enable the new code by compiling with --with-dnsupdate * Also adds the command 'net ads dns register' * Requires -luuid (included in the e2fsprogs-devel package). * Has only been tested on Linux platforms so there may be portability issues. (This used to be commit 36f04674aeefd93c5a0408b8967dcd48b86fdbc1)
2007-10-10r17669: Remove RID algorithm support from unmapped users and groupsGerald Carter1-2/+9
when using smbpasswd (This used to be commit dde552336c732ddd6076a6a32575a37cb51aa94c)
2007-10-10r17610: Added the ability for firefox to drive the winbinddJeremy Allison1-10/+99
ntlm_auth module to allow it to use winbindd cached credentials.The credentials are currently only stored in a krb5 MIT environment - we need to add an option to winbindd to allow passwords to be stored even in an NTLM-only environment. Patch from Robert O'Callahan, modified with some fixes by me. Jeremy. (This used to be commit ae7cc298a113d8984557684bd6ad216cbb27cff3)
2007-10-10r17603: Make net_ads_join_ok return NTSTATUS.Volker Lendecke1-7/+12
Thanks to Michael Adam <ma@sernet.de> hop, hop, hop... ;-) Volker (This used to be commit 47facab798bdc6e20b2620972f1b8f2338fac239)
2007-10-10r17602: Make check_ads_config return NTSTATUS, set some error codes in ↵Volker Lendecke1-10/+18
net_ads_join. Thanks to Michael Adam <ma@sernet.de> Volker (This used to be commit 27cca861507afa9caf694ef89e543c86de01c2cd)
2007-10-10r17591: machine_account is unused, and ctx must be freed. Thanks MichaelVolker Lendecke1-3/+2
(This used to be commit a347f8a9c480cf09abac9144e04ab2b13457e3b0)
2007-10-10r17585: Don't let ads_status throw away the error information.Volker Lendecke1-38/+45
Thanks to Michael Adam <ma@sernet.de>. Volker (This used to be commit ea3a4142a0f2140d8743a50518ae94df2d84d972)
2007-10-10r17584: Some C++ WarningsVolker Lendecke1-2/+2
(This used to be commit f6194cf4b263454bbdf180a7d014ffc3498df497)
2007-10-10r17557: Change net_join_domain to return NTSTATUS instead of int.Volker Lendecke1-15/+16
Thanks to Michael Adam <ma@sernet.de>. Volker (This used to be commit c4e10afadb39ff562287ab2294df0a1f83b28908)
2007-10-10r17554: CleanupVolker Lendecke3-50/+53
(This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9)
2007-10-10r17551: Move some DEBUG to d_printf in interactive functions and returnVolker Lendecke1-7/+10
NO_LOGON_SERVERS if no domain controller was found. Thanks to Michael Adam <ma@sernet.de>. Volker (This used to be commit d44599de3a61707a32851f37ddfb2425949622f8)
2007-10-10r17496: net groupmap add could add uninitialized sid_name_typeJeremy Allison1-10/+27
entries to the group mapping db. Ensure this can't happen. Jeremy. (This used to be commit 2ba0d93d53868c8b28dccf91dfa26e86817da511)
2007-10-10r17468: To minimize the diff later on, pre-commit some changes ↵Volker Lendecke2-4/+4
independently: Change internal mapping.c functions to return NTSTATUS instead of BOOL. Volker (This used to be commit 4ebfc30a28a6f48613098176c5acdfdafbd2941a)
2007-10-10r17465: Get rid of add_initial_entry. In the two places it was called in it ↵Volker Lendecke1-33/+33
seemed a bit pointless to me. Volker (This used to be commit 244b25ae49d3c635fc54498dbee29f5b649ea1fa)
2007-10-10r17463: A bit of cleanup work:Volker Lendecke3-13/+13
Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc)
2007-10-10r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as anVolker Lendecke3-12/+10
argument. Volker (This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f)
2007-10-10r17446: Fix some C++ warnings and two memleaks found by Coverity, IDs 304 ↵Volker Lendecke1-7/+13
and 305. Volker (This used to be commit 4f6605a4880f54f2c7d1f3c7554408d893bc623c)
2007-10-10r17383: Patch from Michael Adams <ma@sernet.de> to catchGerald Carter1-17/+17
some memory leaks on error paths in net_ads_join() (This used to be commit 24de2d83ff1d27400a89985126edee588bc415f3)
2007-10-10r17375: If a field containts only whitespace, we need to do base64 as well.Volker Lendecke1-2/+20
Volker (This used to be commit 795d06f427061536c6e3a3eb5b5d60a27f5ec70d)
2007-10-10r17374: Get rid of a silly "System User" default for "description", also ↵Volker Lendecke1-5/+9
fetch the sambaProfilePath. Volker (This used to be commit 61e7ed593b944fa14330729e585d1f790af93a7b)
2007-10-10r17356: Also transfer the sambaHomePath attribute.Volker Lendecke1-0/+4
Volker (This used to be commit 49ad0d4d0eea85ef133e1a5c055305e06de109de)
2007-10-10r17335: Some more fixes to net rpc vampire ldif. Still not good though :-(Volker Lendecke1-8/+14
Volker (This used to be commit e947f4bd91fcfa0dd27d12e8188ada381da541ff)
2007-10-10r17316: More C++ warnings -- 456 leftVolker Lendecke1-2/+2
(This used to be commit 1e4ee728df7eeafc1b4d533240acb032f73b4f5c)
2007-10-10r17313: Non-Ascii attribute values need to be encoded as base64, with an ↵Volker Lendecke1-15/+60
attribute name attr:: instead of attr: German domains tend to have umlauts in group names. More to come tomorrow. Volker (This used to be commit 94cdd5d64cfaa5228209eebbb76244da0bf4b518)
2007-10-10r17312: Do some reformatting on net rpc samsync ldif. Not doing this checkin ↵Volker Lendecke1-135/+152
easily, as this puts me into svn blame in places I'm not sure I want my name to show up.... Volker (This used to be commit d00e73c49b5227db61d41a017eb9b71d9e7e2620)
2007-10-10r17260: remove extra ;SAMBA_3_0_23/source/utils/netlookup.cGerald Carter1-1/+1
(This used to be commit c152d20e9073eb741047cc4b5f8e8086e2bc9ddd)
2007-10-10r17258: Cleanup the 'net ads help join' output and document createupnGerald Carter1-35/+46
and createcomputer options (This used to be commit 87be77bf35635fc925e1be36073571f8c6ec3e81)
2007-10-10r17216: From Kai Blin <kai.blin@gmail.com>:Andrew Bartlett1-0/+71
A patch to make ntlm_auth recognize three new commands in ntlmssp-client-1 and squid-2.5-ntlmssp: The commands are the following: Command: SF <hex number> Reply: OK Description: Takes feature request flags similar to samba4's gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY, NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same values as the corresponding GENSEC_FEATURE_* flags in samba4. Command: GF Reply: GF <hex number> Description: Returns the negotiated flags. Command: GK Reply: GK <base64 encoded session key> Description: Returns the negotiated session key. (These commands assist a wine project to use ntlm_auth for signing and sealing of bulk data). Andrew Bartlett (This used to be commit bd3e06a0e4435f1c48fa3b7862333efe273119ee)
2007-10-10r17177: Get rid of a global variable by adding a private data pointer toVolker Lendecke1-2/+5
share_mode_forall(). Volker (This used to be commit f97f6cedffdc4d10afcac90a163b93a801acf514)
2007-10-10r17158: Add two new options to 'net ads join'Gerald Carter1-12/+114
* createupn=[host_upn@realm] * createcomputer=<ou path top to bottom> (this was previously the only arg) (This used to be commit 75054e984e5ca7249b1327630db9d09da974a54e)
2007-10-10r17149: Fail the join if we cannot set any SPNs for the machine account.Gerald Carter1-24/+18
Disable the one we created and whine. (This used to be commit 1a7e81a4a8955e643d1c8a54365221a9e2ed8a12)
2007-10-10r17086: Re-add ability to contact remote domain controllers with the "net ads"Günther Deschner2-39/+64
toolset. In 3.0.23 all those commands have been limited to the DC of our primary domain. Also distinguish calls that may go to remote DCs (search, info, lookup, etc.) from those that should only go to our primary domain (join, leave, etc.). Guenther (This used to be commit d573e64781667993478a289580fa65c34e847f64)
2007-10-10r17078: Ouch....Volker Lendecke1-36/+0
(This used to be commit 1d928f783a78b3e957b675f12f1ad56e84c2fcfb)
2007-10-10r17077: Activate RPC-SAMBA3-GETUSERNAME in the build farmVolker Lendecke1-0/+36
(This used to be commit 8c6088f2bd0a5e3a854a31fe428d841d61055a30)
2007-10-10r17032: I thought I had already merged this from trunk:Volker Lendecke1-1/+2
> r16959 | vlendec | 2006-07-11 23:10:44 +0200 (Di, 11 Jul 2006) | 1 line > > get_share_security does not need snum, activate RPC-SAMBA3-SRVSVC Volker (This used to be commit c89471e15766fcdbfa4f40701e12c19f95c2d8ef)
2007-10-10r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1Andrew Bartlett1-1/+295
This mode proxies pre-calculated blobs from a remote (probably VPN) client into the domain. This allows clients to change their password over a PPTP connection (where they would not be able to connect to SAMR directly). The precalculated blobs do not reveal the plaintext password. Original patch by Alexey Kobozev <cobedump@gmail.com> (This used to be commit 967292b7136c5100c0b9a2783c34b1948b16dad4)
2007-10-10r16952: New derive DES salt code and Krb5 keytab generationGerald Carter1-15/+56
Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. (This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
2007-10-10r16947: Fix warning with profile separator when profiles notJeremy Allison1-0/+2
being used. Jeremy. (This used to be commit 441c289fd21d00398fb7c4c7c0338b03129a7545)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison15-470/+1094
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16845: Properly report the error during join when the set password failsGerald Carter1-0/+7
(This used to be commit ef6e9ca5276586c081fcf18bb178a2326309b539)
2007-10-10r16656: Fix #3894 and #3895 reported by jason@ncac.gwu.edu.Jeremy Allison1-3/+3
Jeremy. (This used to be commit ddf35ad69201cf9a0aa45ff25e17eddef60d75ad)
2007-10-10r16652: Fix bug #3891 reported by jason@ncac.gwu.edu.Jeremy Allison1-4/+1
Jeremy. (This used to be commit 9b0df8d008bc5574526d68628f351eb4dbf98e8a)
2007-10-10r16644: Fix bug #3887 reported by jason@ncac.gwu.eduJeremy Allison6-12/+12
by converting the lookup_XX functions to correctly return SID_NAME_TYPE enums. Jeremy. (This used to be commit ee2b2d96b60c668e37592c79e86c2fd851e15f69)
2007-10-10r16640: Fix bug #3886 reported by jason@ncac.gwu.edu.Jeremy Allison1-3/+0
Jeremy. (This used to be commit 76cc25a37e145fb48a8a81df37e790690b5dceac)
2007-10-10r16638: Fix bug #3885, reported by jason@ncac.gwu.edu. UseJeremy Allison1-1/+1
the correct enumerated type in the macro. Jeremy. (This used to be commit 63ad19f71c6b9474042f4ea9d5859e2849a73da8)
2007-10-10r16614: Klocwork #2012. memleak on error path.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 58b9adb849854610e7167e8aa02a02bd15b0bf00)
2007-10-10r16612: Klocwork fix #2011. memleak on error path.Jeremy Allison1-6/+11
Jeremy. (This used to be commit b4e9475d2ac65f72cab0d5c8276da27cf1aeb791)
2007-10-10r16453: Fix another memleak.Günther Deschner1-0/+1
Guenther (This used to be commit 49fb1a3ebc44602302c347195752891bf28c7037)
2007-10-10r16435: Add in the uid info that Jerry needs into theJeremy Allison1-2/+3
share_mode struct. Allows us to know the unix uid of the opener of the file/directory. Needed for info level queries on open files. Jeremy. (This used to be commit d929323d6f513902381369d77bcd7b714346d713)
2007-10-10r16429: Fix final 4 Klocwork bugs we're going to fix beforeJeremy Allison1-1/+1
release - #785, #786, #787, #788. Jeremy. (This used to be commit 9017547cccadeecb80f3db58a43838dc656fce2f)