summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2003-08-12This adds *experimental* kerberos gss spnego client support to ntlm_auth.Volker Lendecke1-12/+110
(This used to be commit 5522c79045dd9ee6804bc2bf2114178cbed6df48)
2003-08-12Some more shuffling around gss-spnego serverVolker Lendecke1-34/+37
(This used to be commit f2c85595dae81e119d0f7f9ec769ff865916a052)
2003-08-12Test invalid map system, map hidden, create mask, force create maskJeremy Allison1-0/+21
parameters. Fix return code for Samba 4 torture tester. Jeremy. (This used to be commit c043835c878ff062cb6eede02334f9e0ebb01050)
2003-08-12Clarify gss spnego ntlmssp server a bitVolker Lendecke1-36/+29
(This used to be commit 807b452a7fe7960acd0259a289f0c67011cb1aaf)
2003-08-12Fix for bug 269. Change wbinfo and ntlm_auth to convert domain, usernameTim Potter1-3/+17
and workstation to utf8 before sending the winbindd request. Also, don't continue when the call to pull_utf8() fails but rather return a winbind error. (This is what was causing the crash) (This used to be commit ca1c463360b75538a93b56a87cbb4a6ee7b6cec6)
2003-08-07Turns out I had my packet sequences wrong for oplock break code.Jeremy Allison1-2/+6
I was storing the mid of the oplock break - I should have been storing the mid from the open. There are thus 2 types of deferred packet sequence returns - ones that increment the sequence number (returns from oplock causing opens) and ones that don't (change notify returns etc). Running with signing forced on does lead to some interesting tests :-). Jeremy. (This used to be commit 85907f02cec566502d9e4adabbd414020a26064d)
2003-08-07Cosmetic fix from waider@waider.ie.Jeremy Allison1-0/+31
Jeremy. (This used to be commit cb326c2dbff1fad87d5c72df4a004d5a42d17472)
2003-08-06When doing 'net groupmap add', default to algorithmic mapping for the rid.Volker Lendecke1-6/+11
Volker (This used to be commit 7ce94d39add6e056e3b1deea21bf0438ba61e4cc)
2003-08-04Changes to make gss-spnego ntlmssp client work against W2k AD.Volker Lendecke1-26/+42
Now I know where the mechListMIC changes came from: Ethereal ;-) Volker (This used to be commit 4e9eed1273035d09ac3b427b9711327ba8c6ebfc)
2003-08-01Add ntlmssp client support to ntlm_auth. Find the corresponding cyrus saslVolker Lendecke1-25/+310
module under http://samba.sernet.de/cyrus-gss-spnego.diff Volker (This used to be commit a82f6a00969f7ea377626c28ec05ace04f8135a9)
2003-07-31Fixes for memory leaks in gss spnego handling by aliguori.Volker Lendecke1-13/+9
Volker (This used to be commit 946695242f0a6db0e8c712f9bd97ac3cb99c4119)
2003-07-30Add a command line option (-S on|off|required) to enable signing on clientJeremy Allison4-5/+7
connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307)
2003-07-29This adds gss-spnego to ntlm_auth. It contains some new spnego supportVolker Lendecke1-1/+225
from Jim McDonough. It is to enable cyrus sasl to provide the gss-spnego support. For a preliminary patch to cyrus sasl see http://samba.sernet.de/cyrus-gss-spnego.diff Volker (This used to be commit 45cef8f66e46abe4a25fd2b803a7d1051c1c6602)
2003-07-29Typo fix for bug 258.Tim Potter1-1/+1
(This used to be commit a4e342c20cbddbb4d9d6ac49258457751146d890)
2003-07-27Use the specified workgroup in 'net ads'. (Defaults to lp_workgroup()).Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit e6cc5ca780f24f19dda65a499fda95bd2d99ea93)
2003-07-27Ensure all code paths set add_script.Jeremy Allison1-4/+3
Jeremy. (This used to be commit 0021c83ff645a1923b5a3d3c484d44b20d7813f0)
2003-07-23convert snprintf() calls using pstrings & fstringsGerald Carter2-3/+3
to pstr_sprintf() and fstr_sprintf() to try to standardize. lots of snprintf() calls were using len-1; some were using len. At least this helps to be consistent. (This used to be commit 9f835b85dd38cbe655eb19021ff763f31886ac00)
2003-07-22Another round of uid/gid/pid format string changes I missed theTim Potter1-2/+3
first time. (This used to be commit 6616485dbad74dab7506609c6bfd183fc9c1f93c)
2003-07-22Fixup a bunch of printf-style functions and debugs to use unsigned long whenTim Potter3-6/+11
displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a)
2003-07-22Replace the eight (!) copies of dummy become/unbecome root with a single one.Tim Potter5-55/+0
(This used to be commit 8b818ce381595cdcb36631a2440d6aa0038805f1)
2003-07-19According to the result of voting, net has default debug level withRafal Szczesniak1-3/+12
ability to change it by command line instead of turn-off cmdline switch for debug messages. It's a bit more comfortable to use now. (This used to be commit b65fe75bec8170ad48d1ad0a9017ccc4de651eba)
2003-07-16Add API framework for server SMB signing.Jeremy Allison1-1/+0
Jeremy. (This used to be commit 61fc9a7b2eafdf8cbed1f8d9aae016b828c91a08)
2003-07-16fixes for 'net rpc vampire'. I can now take a blank Samba hostGerald Carter1-25/+12
and migrate an NT4 domain and still logon from domain members (tested logon scripts, system policies, profiles, & home directories) (passdb backend = tdbsam) removed call to idmap_init_wellknown_sids() from winbindd.c since the local domain should be handled by the guest passdb backend (and you don't really always want the Administrator account to be root) ...and we didn't pay attention to this anyways now. (This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e)
2003-07-15Fix memleakVolker Lendecke1-0/+2
(This used to be commit 517bb4d0df4cd120ef0ffc3cd879897971f0982e)
2003-07-15Add support for MSG_SMB_CONF_UPDATED and MSG_SHUTDOWN to all daemons (smbd, ↵Alexander Bokovoy1-0/+11
nmbd, winbindd). Reviewed by jerry and tridge. (This used to be commit 02c5e2fc6f0721ebd82a9e6a2b34190607de55fe)
2003-07-15Jim, could you please look at this? smbpasswd -a <username> was brokenVolker Lendecke1-2/+2
for me without this patch. I'm not sure if I interpreted your patch to this code right. Thanks, Volker (This used to be commit 46ec022f873416d2258fc8d84430b17319dce70f)
2003-07-11Doesn't re-prompt for password when it is specified on the cmdlineJim McDonough1-2/+2
(This used to be commit 6ebe87d318658f28ad9b9f8169fc4400856d5812)
2003-07-11moving more code around.Gerald Carter2-2/+4
* move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d)
2003-07-10Just a few formatting fixed caught while testing.Rafal Szczesniak1-1/+1
rafal (This used to be commit 156554738cf4e4ffa5a811d9979acd19418e7908)
2003-07-10pdbedit should not call idmap anymore. Otherwise pdbedit -L wouldVolker Lendecke1-13/+2
allocate id's. Volker (This used to be commit 0358cc76757e7ef06dada94ec3a73cd90a525ba9)
2003-07-09Large set of changes to add UNIX account/group managementGerald Carter1-4/+11
to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6)
2003-07-09more compile fixes for become/unbecome_root()Gerald Carter3-0/+45
(This used to be commit f005f1cf12b839f3985ab00315da63c584ce803e)
2003-07-07and so it begins....Gerald Carter2-22/+22
* remove idmap_XX_to_XX calls from smbd. Move back to the the winbind_XXX and local_XXX calls used in 2.2 * all uid/gid allocation must involve winbindd now * move flags field around in winbindd_request struct * add WBFLAG_QUERY_ONLY option to winbindd_sid_to_[ug]id() to prevent automatic allocation for unknown SIDs * add 'winbind trusted domains only' parameter to force a domain member server to use matching users names from /etc/passwd for its domain (needed for domain member of a Samba domain) * rename 'idmap only' to 'enable rid algorithm' for better clarity (defaults to "yes") code has been tested on * domain member of native mode 2k domain * ads domain member of native mode 2k domain * domain member of NT4 domain * domain member of Samba domain * Samba PDC running winbindd with trusts Logons tested using 2k clients and smbclient as domain users and trusted users. Tested both 'winbind trusted domains only = [yes|no]' This will be a long week of changes. The next item on the list is winbindd_passdb.c & machine trust accounts not in /etc/passwd (done via winbindd_passdb) (This used to be commit 8266dffab4aedba12a33289ff32880037ce950a8)
2003-07-05Add some debug statments to our vampire code - try to make it easier to trackAndrew Bartlett1-0/+6
down failures. Add a 'auto-add on modify' feature to guestsam Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett (This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e)
2003-07-05Fixes to our LDAP/vampire codepaths:Andrew Bartlett1-37/+44
- Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0)
2003-07-04This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett1-0/+6
We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison4-11/+11
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-07-03Some fixes for ads printer publish:Tim Potter1-6/+26
- check error return for cli_full_connection() when trying to obtain printer data - check error return on ads_find_machine_acct() - Minor reformatting to separate fetching printer data from publishing it (This used to be commit 94fe3b2cdfa67c9d74edc00a436b5eacbf3e0dc4)
2003-07-03Implemented 'net ads printer search' which searches the directory forTim Potter1-0/+32
published printers. At the moment we don't search using any parameters but this can be fixed by changing the LDAP search string. Also we should contact the global catalog at SRV _gc._tcp instead of the ldap server we get back from ads_startup(). (This used to be commit 814519c5de7f962623163b732c8589abd355d845)
2003-07-02#ifdef out apparently unused function.Tim Potter1-0/+4
(This used to be commit 9324703066cfdcb65208420a12e4ab8f358ccc09)
2003-06-30Yet more shadow variable warnings.Tim Potter1-3/+3
(This used to be commit b401e78b6eb7efa2af74a7e645c3b34091041769)
2003-06-27Some const correctness. Stop tdb being used as a remote backend. If anJeremy Allison3-27/+26
idmap backend is specified cause smbd to ask winbindd (use winbindd if you want a consistant remote backend solution). Should work well enough for next beta now... Jeremy. (This used to be commit 8f830c509af5976d988a30f0b0aee4ec61dd97a3)
2003-06-25large change:Gerald Carter3-13/+11
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-24Fixes from Martin Dorey <mdorey@bluearc.com> to only ask for and changeJeremy Allison1-7/+6
the requested parts of the ACL. Jeremy. (This used to be commit c35a88201c619f0ebbaf38adbd0ec2af77e23981)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-2/+2
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-21(fixing bug in my last commit)Andrew Bartlett1-6/+6
This isn't C++ - start your code *after* all the variables are declared... Andrew Bartlett (This used to be commit b7760faedc2181538ffc325e727808e6df8f943f)
2003-06-21This removes the StrCaseCmp() stuff from 'net idmap' and 'netAndrew Bartlett4-178/+202
groupmap'. The correct way to implement this stuff is via a function table, as exampled in all the other parts of 'net'. This also moves the idmap code into a new file. Volker, is this your code? You might want to put your name on it. Andrew Bartlett (This used to be commit 477f2d9e390bb18d4f08d1cac9c981b73d628c4f)
2003-06-20Fix bug #136. Add message about erroneous empty "passdb backend" parameter.Jim McDonough1-0/+4
(This used to be commit 897125a9dbbd3f921d944e7bb7c5694a130c5173)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce4-44/+13
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-16Replace all use of bzero with memset ...Richard Sharpe1-15/+15
(This used to be commit e21aab516b33b01536dd9ea067a16b94a38ff4b1)