summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2002-09-10removing compiler warnings about shadowed globalsGerald Carter1-18/+18
(This used to be commit 6f0561acadd139e37f86e30a2bbf10f428178eaf)
2002-09-06This is the 'easy' parts of the trusted domains patch n+3 patch fromAndrew Bartlett1-0/+8
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> It includes a conversion of make_user_info*() to NTSTATUS and some minor changes to other files. It also picks up on a nasty segfault that can occour in some security=domain cases. Andrew Bartlett (This used to be commit d1e1fc3e4bf72717b3593685f0ea5750d676952a)
2002-09-06Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de>Andrew Bartlett1-1/+1
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better general infrustructure for his sam_ads work. I've also added some extra failure mode DEBUG()s to parts of the code. NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without the final set of brakets, the test is essentially inverted - causing some intersting 'error = success' messages... Andrew Bartlett (This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
2002-09-01Fix segfault in net commandVolker Lendecke1-1/+1
(This used to be commit 26bee60a419593a5afe4e48614f7f3fc414596a5)
2002-08-30added cli_net_auth_3 client code.Jean-François Micouleau2-2/+5
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch. pass also the negociation flags all the way. all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient. in the future we will be able to call auth_2 or auth_3 as we want. J.F. (This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
2002-08-30convert the LDAP/SASL code to use GSS-SPNEGO if possibleAndrew Tridgell1-0/+4
we now do this: - look for suported SASL mechanisms on the LDAP server - choose GSS-SPNEGO if possible - within GSS-SPNEGO choose KRB5 if we can do a kinit - otherwise use NTLMSSP This change also means that we no longer rely on having a gssapi library to do ADS. todo: - add TLS/SSL support over LDAP - change to using LDAP/SSL for password change in ADS (This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
2002-08-29There's more work to be done on samsync. Intermediate commit, nowVolker Lendecke1-5/+21
I get all the groups at least. Volker (This used to be commit 23a4f6991e93797afad0043689737a1b20c67f60)
2002-08-29show builtin groups in samdumpAndrew Tridgell1-33/+40
(This used to be commit c1e00f5f160985323f5a9ade42f2ebb2a798b17c)
2002-08-28'No news is good news' might sometimes be confusing, at least to me :-)Volker Lendecke1-1/+7
Volker (This used to be commit f76a5431f0448efbc879aee965c643e2e362632a)
2002-08-28Put in intermediate version of new SAM system. It's not stable yet, codeJelmer Vernooij1-1/+1
might be ugly, etc - please don't blame me for anything but instead try to fix the code :-). Compiling of the new sam system can be enabled with the configure option --with-sam Removing passdb/passgrp.c as it's unused fix typo in utils/testparm.c (This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)
2002-08-27add hook for MSG_PRINTER_DRVUPGRADE that numps the change_id on all printers ↵Gerald Carter1-0/+5
bound to a given driver (This used to be commit e913d508d4f894eb3f0e59b9c28b0fc5b56962ec)
2002-08-22a few minor cleanups in the cldap requestAndrew Tridgell1-2/+26
(This used to be commit 228fc518da0404fe770175d5277fe5f5b08f9c67)
2002-08-22added a 'net rpc samdump' command for dumping the whole sam viaAndrew Tridgell2-0/+163
samsync operations (as a BDC) (This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986)
2002-08-21This is like jht's (abortive) patch for showing only non-default testparmAndrew Bartlett1-4/+6
options. Andrew Bartlett (This used to be commit 4cd822d9e4e5f35a47b0837bfa73c8a457e6cc85)
2002-08-21Patch from Paul Green <Paul.Green@stratus.com> to be more POSIX-compatibleJelmer Vernooij1-0/+6
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
2002-08-21pdbedit needs global_myname to be set in order to display theVolker Lendecke1-1/+12
user SIDs correctly. Volker (This used to be commit 287b7bda11100c42f2cdea36a20a81f6ea397f43)
2002-08-21global_myname is a pstring, not an fstringVolker Lendecke1-1/+1
(This used to be commit 2df34c9bfc76ee832e5005a2ad0ff0b6abb98034)
2002-08-21Add 'net rpc getsid' to fetch the PDC's SID into the local secrets.tdbVolker Lendecke1-1/+55
Print domain SID on 'net rpc info' Volker (This used to be commit 12fd889a3f0e3eeeb27a51cdd7f648a59083f2ba)
2002-08-21just comment typosVolker Lendecke1-15/+15
(This used to be commit 169e784f4829ef356ed6232ace950d43cac1d467)
2002-08-21Fix debug level initialization for net.cVolker Lendecke1-1/+1
Volker (This used to be commit 5af5326f1311a49d3c8316e1dcc27037b831065a)
2002-08-19print out the GUID in the CLDAP replyAndrew Tridgell1-12/+11
(This used to be commit 8aae10bcdc05fca4e0281ac91a7679c60b791534)
2002-08-19we now parse the cldap reply and print its contents. There are aAndrew Tridgell1-4/+82
couple of unknown fields we still need to work out. (This used to be commit 67b4dbd5c9f2665d5e6157b8cd522ebff4b8a4ea)
2002-08-19we now receive and parse the main cldap netlogon reply.Andrew Tridgell1-10/+88
we still need to parse the core of the structure (This used to be commit 6780ae25bf7ca291f612682dec7ee7ff44c24bef)
2002-08-19added a 'net ads lookup' command that does a CLDAP NetLogon query to aAndrew Tridgell2-0/+121
win2000 server. It does seem to work, and win200 sends us a valid reply, but we don't parse it yet. Maybe tomorrow :) (This used to be commit 6352508c54cee333ed7c0e3ebc372be7cd60ed62)
2002-08-15*** empty log message ***Simo Sorce1-87/+175
(This used to be commit cb72eead70509eddaa051571f3eed3c46304b5f8)
2002-08-11Merge some usage info from APPLIANCE_HEAD.Tim Potter1-0/+3
(This used to be commit aa93db5abed75b5c9a032a080c07473fafa53a43)
2002-08-10Fix the %m security bug again - and try to make it harder to reintroduce inAndrew Bartlett1-4/+5
future. This moves us from fstrcpy() and global variables to 'get' and 'set' functions. In particular, the 'set' function sainity-checks the input, in the same way as we always have. Andrew Bartlett (This used to be commit e57a896f06b16fe7e336e1ae63a0c9e4cc75fd36)
2002-08-06fixed 'net ads chostpass' for new ads structuresAndrew Tridgell1-1/+11
(This used to be commit 3b0e60e522b669bad77e70d9c6f484a08ff84612)
2002-08-05added 'net rpc testjoin' and 'net ads testjoin' commandsAndrew Tridgell3-20/+125
unfortuately we don't seem to be able to auto-test the ADS join due to a rather nasty property of the GSSAPI library. (This used to be commit 87c34a974a91e940bd26078a68dd84f4341d6913)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell3-31/+63
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-08-04passwords where not checked (you cannot check if the same buffer differs ↵Simo Sorce1-6/+18
from itself). they where alo not clean after use! Simo. (This used to be commit 5a257096e9afdcd1dea863dff43952457a74a9f1)
2002-08-02Merge of print notify fixes from APPLIANCE_HEAD.Tim Potter1-0/+17
(This used to be commit 7bf9ca6ca36fa319a57eab05567d49a003237bb5)
2002-07-31fixed a net crash bug if we can't find a DC in a 'net rpc' commandAndrew Tridgell1-0/+4
(This used to be commit ced5dc4e05badfb07cbae7a2880825b9bad4e68d)
2002-07-31make sure that 'net ads info' gives info on the server we specify, notAndrew Tridgell1-0/+4
our smb.conf setup. (This used to be commit cffa881092e48db10a712575a8671f695e8ef813)
2002-07-30net ads info now reports the IP of the LDAP server as well as its name - ↵Andrew Tridgell1-0/+1
very useful in scripts (This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
2002-07-29Use common popt definition for -d option.Tim Potter2-3/+2
(This used to be commit 8c17904848a6206ab35652625ff5f3afcf6bcb0d)
2002-07-28Add the ability to set account policies too.Andrew Bartlett1-7/+25
Andrew Bartlett (This used to be commit 2bf6edf78b64335bf10c10c893d6e8fa0fac708b)
2002-07-28Clean this code up a little. If it's alrady asprintf()ed, I see noAndrew Bartlett1-2/+3
need for a manual strdup() too... (This used to be commit 71452365c8d9aa3d06b64716636a32bfebd3d4f8)
2002-07-27Rafal 'Mimir' Szczesniak <mimir@diament.ists.pwr.wroc.pl> has been busyAndrew Bartlett2-54/+307
again, and has added 'net rpc trustdom list' support. This lists the trusted and trusting domains of a remote PDC. I've applied these almost directly, just fixing some special case code for when there are *no* trusting domains. We still have some parse errors in this case however. Andrew Bartlett. From mimir's e-mail: Here are another patches adding trust relationship features. More details: Better error reporting in cli_lsa_enum_trust_dom(). Implementation of cli_samr_enum_dom_users() which cli_samr.c lacked. More "consts" -- one of arguments in net_find_dc(). Modified implementation of run_rpc_command() -- now it allows to reuse already opened connection (if it is passed) to remote server's IPC$ (e.g. as part of longer exchange of rpc calls). I'm sure Andrew will argue ;-) More neat version of rpc_trustdom_list() function. (This used to be commit f0890026820ee3e432147130b46de4610e583381)
2002-07-26Mimir has been busy with patches again, and sent in the followingAndrew Bartlett1-2/+4
patches: Andrew Bartlett From his e-mail: Below I attach the following patches as a result of my work on trusted domains support: 1) srv_samr_nt.c.diff This fixes a bug which caused to return null string as the first entry of enumerated accounts list (no matter what entry, it was always null string and rid) and possibly spoiled further names, depeding on their length. I found that while testing my 'net rpc trustdom list' against nt servers and samba server. 2) libsmb.diff Now, fallback to anonymous connection works correctly. 3) smbpasswd.c.diff Just a little fix which actually allows one to create a trusting domain account using smbpasswd 4) typos.diff As the name suggests, it's just a few typos fix :) (This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
2002-07-24Make it possible to query account policy values from pdbedit (set to come soon).Andrew Bartlett1-11/+29
Update account_pol.c to use just uint32, rather then uint32 for paramaters, int32 for storage. (The int32 functions didn't have seperate return/status values, uint32 functions use a pointer-paramater). Move the #define -> string from a swtich to a table, so we can look it up both ways. Andrew Bartlett (This used to be commit c5b5e3d653f5c38a283d901a409be6603d5103f7)
2002-07-21Fix up dir drive call.Tim Potter1-1/+1
(This used to be commit fe229cc126a4bfdce12882ac7eaa893e00cd506e)
2002-07-21More cleanups, and add a comment/hint not to clean somthing up in future :-)Andrew Bartlett1-8/+0
Andrew Bartlett (This used to be commit 21b0e8f560849be77bde463cf006ea0de54211e9)
2002-07-21Another smattering of static and constAndrew Bartlett3-3/+3
(This used to be commit 897cc4a610932e596f8a9807213166e380ef0203)
2002-07-21Renamed all the new_cli_netlogon_* functions to cli_netlogon_*Tim Potter1-1/+1
as they're no longer new! (This used to be commit 277f6bbb9a63541a473a80a7994e9bde5c6f22dc)
2002-07-20Oops, my bad. I forgot to assign this, so lookupnames wasn't doing much :-)Andrew Bartlett1-0/+1
(This used to be commit 508106285380b772850238a8ed6b78a2c3334887)
2002-07-20More fixes towards warnings on the IRIX compilerAndrew Bartlett1-3/+5
(and yes, some of these are real bugs) In particular, the samr code was doing an &foo of various types, to a function that assumed uint32. If time_t isn't 32 bits long, that broke. They are assignment compatible however, so use that and an intermediate variable. Andrew Bartlett (This used to be commit 30d0998c8c1a1d4de38ef0fbc83c2b763e05a3e6)
2002-07-20correctly declare global_myworkgroup to be the right size.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 860f5b1a0c1898f1ce380d249610eeaaeb43b9e0)
2002-07-20Try to fix up warnings - particularly on the IRIX 64 bit compiler (which had aAndrew Bartlett2-5/+6
distinction between uchar and char). Lots of const etc. Andrew Bartlett (This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
2002-07-20Update the usage for smbgroupedit to document -d for 'description'.Andrew Bartlett1-0/+2
I think this one is due to metze. Andrew Bartlett (This used to be commit bce3a2b1d893d83f701205d7969569571f6279b0)