summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2004-02-26Implement 'net groupmap set' and 'net groupmap cleanup'.Volker Lendecke3-0/+157
I was rather annoyed by the net groupmap syntax, I could never get it right. net groupmap set "domain admins" domadm creates a mapping, net groupmap set "domain admins" -C "Comment" -N "newntname" should also do what you expect. net groupmap cleanup solves a problem I've had two times now: Our SID changed, and a user's primary group was mapped to a SID that is not ours. net groupmap cleanup removes all mappings that are not from our domain sid. Volker (This used to be commit 69879ceffa587ccf2bf59e1c716424e1d20a7f68)
2004-02-25(merge from 3.0)Andrew Bartlett1-0/+6
Fix bug in previous global_sam_sid() commit. I broke the 'read from MACHINE.SID' file functionality. Also, before we print out the results of 'net getlocalsid' and 'net getdomainsid', ensure we have tried to read that file, or have generated one. Andrew Bartlett (This used to be commit af1b6447b8292a83851361570219ee6d889e0898)
2004-02-25(merge from 3.0)Andrew Bartlett2-0/+16
I *hate* global variables... OK, what was happening here was that we would invalidate global_sam_sid when we set the sid into secrets.tdb, to force a re-read. The problem was, we would do *two* writes into the TDB, and the second one (in the PDC/BDC case) would be of a NULL pointer. This caused smbd startups to fail, on a blank TDB. By using a local variable in the pdb_generate_sam_sid() code, we avoid this particular trap. I've also added better debugging for the case where this all matters, which is particularly for LDAP, where it finds out a domain SID from the sambaDomain object. Andrew Bartlett (This used to be commit f3ecdea56d9ea6d562ace84f0e653a641eb96f6e)
2004-02-24Add 'net rpc group add'. For this parse_samr.c had to be changed: TheVolker Lendecke1-1/+62
group_info4 in set_dom_group_info also has the level in the record itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can still create a domain group on a samba machine. Volker (This used to be commit 9cadd14aa53d390a2419d7ce4fe48d58cf372279)
2004-02-24Remove unused variable.Volker Lendecke1-1/+0
Volker (This used to be commit f5af0326e67c0eb7be6f4b07f8b89c4c680903ac)
2004-02-24'net idmap restore' is too useful to be left broken :-)Volker Lendecke1-1/+105
Set the HWM values correctly after having manipulated the tdb. Volker (This used to be commit efad125f40858176145c69265d06b25295292132)
2004-02-23Fix "unable to initialize" bug when smbd hasn't been run withJeremy Allison2-2/+8
new system and a user is being added via pdbedit/smbpasswd. Found at Connectathon setup. Jeremy. (This used to be commit 93580927dc255f205283b64c72fb95be990d2216)
2004-02-19Enable checking/resetting of account lockout and bad password based on policyJim McDonough1-3/+17
(This used to be commit caef425d803fa01aa6f54339f8bc17fc752f73b0)
2004-02-19Add bad password reset and display of bad password count/timeJim McDonough1-3/+25
(This used to be commit 22c312b31d545914ae3fd12a11915ed046421f38)
2004-02-17Don't try to show entries that could not be listed.Volker Lendecke1-0/+9
Volker (This used to be commit 5fb9028942e2f16b153f42911e837008824dcecc)
2004-02-17If there are no alias members, don't ask for their sids.Volker Lendecke1-0/+4
Volker (This used to be commit 9d66043ed71d0c0f787a67b06b93f4f3b489c21c)
2004-02-16Fix success message for net groupmap modifyVolker Lendecke1-1/+1
Volker (This used to be commit d8ff6e4b30bda45b5f8680694da383d5769d7db5)
2004-02-13Fix eta calculation when resumingJelmer Vernooij1-1/+1
(This used to be commit c4114a0664467383fc343a55360b48a985fa45ac)
2004-02-12merges from 3.0Gerald Carter1-2/+4
(This used to be commit 2478501d402a07248d6181d4c9de253b203ff67c)
2004-02-11BUG 1055; patch from SATOH Fumiyasu <fumiya@miraclelinux.com>; formatting ↵Gerald Carter2-5/+6
fixes for 'net share' (This used to be commit 447d4fee6c245a5bbf0c33c8ffb0fd9041e51c24)
2004-02-09Expand 'net rpc group members' to local groups.Volker Lendecke1-49/+175
Volker (This used to be commit f524a493154a5f7304be472064550cd61af8305d)
2004-02-08(merge from 3.0)Andrew Bartlett3-89/+116
Make it possible to 'net rpc samdump' of any domain you are currently joined to, despite any smb.conf settings. Work to allow the same for 'net rpc vampire', but instead give a clear error message on what is incorrect. Andrew Bartlett (This used to be commit c4b6bd85978b61c4c9c34dde122e968c3771f2e6)
2004-02-08(merge from 3.0)Andrew Bartlett1-0/+1
Add some help for 'net rpc password'. Andrew Bartlett (This used to be commit 2c6f1966d6c25238d73a46132c05794677c3a882)
2004-02-08(merge from 3.0)Andrew Bartlett2-7/+7
Make more functions static, and remove duplication in the use of functions in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). This also includes some >14 character password changes, and the start of a move away from using 'admin user' to determine if the user is root (as root can login without setting 'admin user'). Andrew Bartlett (This used to be commit be0704abb919152c359a735023283acbf9be3076)
2004-02-08(merge from 3.0)Andrew Bartlett1-1/+1
Make this table static const. Andrew Bartlett (This used to be commit 3803cb36e9d94c08bf310c0ef1cdfc29b443dc0e)
2004-02-08(merge from 3.0)Andrew Bartlett1-0/+131
I should have done this years ago... This adds the very simple 'admin set password' capability to 'net rpc', much as we have it for 'net ads'. Andrew Bartlett (This used to be commit 5243b89e33efd2ea8842a624d8abd6c5755afb64)
2004-01-29more initialization fixesGerald Carter1-0/+41
(This used to be commit 63206b1204bd532bf99912cd4312baf7d69db1f6)
2004-01-26(merge from 3.0)Andrew Bartlett2-15/+2
This adds client-side support for the unicode/SAMR password change scheme. As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 8063b8b6c2eb30cb116988e265fb289109d7c348)
2004-01-21Fix compiler warningVolker Lendecke1-0/+2
(This used to be commit 3ec0d3abe9c838ad78fb8fd6a390ea3d8d2b9fcf)
2004-01-21Display some nicer error messages for login via 'net'. I don'tVolker Lendecke1-0/+8
see a reason why we have so many special cases and not simply use nt_errstr(nt_status). Comments? Volker (This used to be commit 18fa3ee649102f4bd36f9b03702fe72d234b6a3a)
2004-01-16Fix another join problem. Don't use a TALLOC_CTX before it has beenJim McDonough1-4/+25
initialized. Also split out the oldstyle join into a new fn, allowing us to call it with no failure message from net rpc join, but displaying a failure message when used with net rpc oldjoin. (This used to be commit cab0a4c4d5c7bf9d89697bf1d351eafbd00d7fd2)
2004-01-15Fix net rpc join (at least newstyle) after it was broken by changingJim McDonough1-5/+5
the parms to cli_lsa_query_info_policy without changing them here... (This used to be commit 97d6f4752572cc10894e6e80379c25f5da143ad1)
2004-01-13sync HEAD with recent changes in 3.0Gerald Carter4-32/+599
(This used to be commit c98399e3c9d74e19b7c9d806ca8028b48866931e)
2004-01-09fix some warnings from the Sun compiler; also merge some of abartlet's error ↵Gerald Carter1-1/+1
code changes form 3.0 (This used to be commit 2279e98cb81faaf8a4e971fec339955f14c23858)
2004-01-06Patch based on work from James Peach <jpeach@sgi.com> to convert over toJeremy Allison1-0/+6
using pread/pwrite. Modified a little to ensure fsp->pos is correct. Fix for #889. Jeremy. (This used to be commit 3a24dc868d95c9bcc2ac3a0dbd50e6e226ac0841)
2004-01-06(merge from 3.0)Andrew Bartlett3-4/+5
I think this was tpot's originally: Fix format types for 64 bit systems. Andrew Bartlett (This used to be commit 256b2da7c96e8313f4f98ce700fc7634eaccb72b)
2004-01-05(merge from 3.0)Andrew Bartlett2-5/+4
JHT came up with a nasty (broken) torture case in preparing examples for his book. This prompted me to look at the code that reads the unix group list. This code did a lot of name -> uid -> name -> sid translations, which caused problems. Instead, we now do just name -> sid I also cleaned up some interfaces, and client tools. Andrew Bartlett (This used to be commit cc535a6c70d8dcf677322e31b24dec58b23d80f0)
2004-01-05(merge from 3.0)Andrew Bartlett1-11/+25
Try to gain a bit more consistancy in the output of usernames from ntlm_auth: Instead of returning a name in DOMAIN\user format, we now return it in the same way that nsswtich does - following the rules of 'winbind use default domain', in the correct case and with the correct seperator. This should help sites who are using Squid or the new SASL code I'm working on, to match back to their unix usernames. -- Get the DOMAIN\username around the right way (I had username\domain...) Push the unix username into utf8 for it's trip across the socket. Andrew Bartlett (This used to be commit 4c2e1189ff84d254f19b604999d011fdb17e538d)
2004-01-05(merge from 3.0)Andrew Bartlett1-4/+2
Remove testing hack Make the name of the NTLMSSP client more consistant before we lock it in stone. Andrew Bartlett (This used to be commit 273dcda9ce62eb04c9cce673bb49b41982b26d98)
2004-01-05(merge from 3.0)Andrew Bartlett1-54/+254
Move our basic password checking code from inside the authentication subsystem into a seperate file - ntlm_check.c. This allows us to call these routines from ntlm_auth. The purpose of this exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to avoid talking to winbind. This should allow for easier debugging. ntlm_auth itself has been reorgainised, so as to share more code between the SPNEGO-wrapped and 'raw' NTLMSSP modes. A new 'client' NTLMSSP mode has been added, for use with a Cyrus-SASL module I am writing (based on vl's work) Andrew Bartlett (This used to be commit 2f196bb31ac83cf7922583063c74a5f679ca5be7)
2004-01-05(merge from 3.0)Andrew Bartlett1-342/+181
Refactor our authentication and authentication testing code. The next move will be to remove our password checking code from the SAM authentication backend, and into a file where other parts of samba can use it. The ntlm_auth changes provide for better use of common code. Andrew Bartlett (This used to be commit 0d97b10248347398fbee66767baac0c7adf6889d)
2003-12-26Collecting some minor patches...Volker Lendecke1-8/+10
This adds the ability to specify the new user password for 'net ads password' on the command line. As this needs the admin password on the command line, the information leak is minimally more. Patch from gd@suse.de Volker (This used to be commit 68af56f517014476ab4549de72a0585a0a07c72f)
2003-12-24(merge from 3.0)Andrew Bartlett1-4/+9
Thanks to Serassio Guido for noticing issues in our Squid NTLMSSP implementation. We were not resetting the NTLMSSP state for new negotiate packets. Andrew Bartlett (This used to be commit ada064af72e120aacd733245292e988dd696d059)
2003-12-01In the brief 'net rpc group' listing, don't cut off group names at 21 chars.Volker Lendecke1-3/+3
Volker (This used to be commit d623f695c48736f21a79f02cf669d5bcf39cd920)
2003-12-01Beautify the net status help message a bitVolker Lendecke1-4/+4
Volker (This used to be commit f8ffa207e05920f28502b45b550a394aba9648a7)
2003-12-01I needed a decently parseable format of smbstatus. Looking at smbstatus codeVolker Lendecke3-0/+268
tells me that this should not be expanded, so I implemented net status [sessions|shares] [parseable] Volker (This used to be commit ed38341c8a6454a8ec0f8240d83239f6869536b8)
2003-11-28Implement 'net rpc group list [global|local|builtin]*' for a select listing ofVolker Lendecke2-0/+36
the respective user databases. Volker (This used to be commit 53b592f4a64742767f37f9c7f8ee0fdf42e686c6)
2003-11-27Fix for pdbedit error code returns (sorry, forgot who sent in the patch).Jeremy Allison1-2/+11
Jeremy. (This used to be commit 37c96290592607b5e731d0b8933be825d93b70f0)
2003-11-27Only ask for 512 names at a time.Volker Lendecke1-8/+19
Volker (This used to be commit 73cdf724e90d76e97895ae5b1326825bb59bf90e)
2003-11-26Implement "net rpc group members": Get members of a domain group inVolker Lendecke2-0/+89
human-readable format. Volker (This used to be commit e5770a9433099f86a1f828a35bbecbe5691c000c)
2003-11-26Get rid of a const warningVolker Lendecke1-2/+2
Volker (This used to be commit ab1096d58e2447bc91370e0a7f913d9375658c4c)
2003-11-23Merge from 3.0:Andrew Bartlett2-5/+5
Add support for variable-length session keys in our client code. This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. - Add server-side support for variable-length session keys (as used by DES based krb5 logins). Andrew Bartlett (This used to be commit 1287cf5f921327c9ea758de46220c4e2dedc485c)
2003-11-22(merge from 3.0)Andrew Bartlett1-72/+112
Changes all over the shop, but all towards: - NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... Andrew Bartlett (This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
2003-11-12show locked files for -u <user>; bug 590Gerald Carter1-10/+41
(This used to be commit 3290582cb0542d1e2a7e1e5213614fca8788b070)
2003-10-31Merge from 3.0:Tim Potter1-40/+40
Revision 1.45.2.23: Changed output so all debug output goes to stderr, and all file processing goes to stdout. Note: This change permits use of testparm processing of smb.conf to be redirected into a file that can be used as an smb.conf file. ie: All information that should not be in smb.conf will be on stderr, all pertinent smb.conf info will go to stdout. Example of use: A fully documented smb.conf.master file can be maintained. To create smb.conf do: testparm -s > smb.conf (This used to be commit f323b932f932a576d42a018a3e16b45758121891)