summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2001-12-11allow join of already joined domainAndrew Tridgell1-60/+35
(This used to be commit 784a3f295176dc87c8befd76d5f2dc9ef1e9e383)
2001-12-11prevent double freeAndrew Tridgell1-2/+0
(This used to be commit 3628a978d1881aa2a0939594b1c752475468965e)
2001-12-11better error handlingAndrew Tridgell1-11/+17
(This used to be commit 75621d528433a9c1af3eada0b748dfbcfdb8ad62)
2001-12-11added a comment about /bin/dateAndrew Tridgell1-1/+4
(This used to be commit 2183c1f3b09db5c078327050279130ac825c71f8)
2001-12-11added a net time command. Allow display or set of system time based onAndrew Tridgell3-13/+166
a SMB server particularly useful for ADS is: net time set -S DOMAIN#1B this makes kerberos clock skew problems go away :) (This used to be commit b3ba2293d0e4eac3b6408c3abc3dcacfa3f67fe4)
2001-12-11Removed unreferenced getopt() externals.Tim Potter1-2/+0
(This used to be commit c87d1ad32114200d3e678f8de88874c737f8e571)
2001-12-10reinstated all the rap commands as top level commands until we get theAndrew Tridgell2-81/+114
protocol switch mechanism in place (This used to be commit d20c3717dd58745da082d1b4df7698c6d6c38e6c)
2001-12-08added internal sasl/gssapi code. This means we are no longer dependent on ↵Andrew Tridgell1-0/+16
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
2001-12-05OK. Smbpasswd -j is DEAD.Andrew Bartlett6-153/+112
This moves the rest of the functionality into the 'net rpc join' code. Futhermore, this moves that entire area over to the libsmb codebase, rather than the crufty old rpc_client stuff. I have also fixed up the smbpasswd -a -m bug in the process. We also have a new 'net rpc changetrustpw' that can be called from a cron-job to regularly change the trust account password, for sites that run winbind but not smbd. With a little more work, we can kill rpc_client from smbd entirly! (It is mostly the domain auth stuff - which I can rework - and the spoolss stuff that sombody else will need to look over). Andrew Bartlett (This used to be commit 575897e879fc175ba702adf245384033342c903d)
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell1-1/+1
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-12-05Add a new flag for anonymous connectionsAndrew Bartlett1-0/+3
(This used to be commit 5a96391c75fd13b2fc385aa571244b82bc4736d0)
2001-12-05Make it easier to construct anonymous connections with a new flag and helperAndrew Bartlett1-2/+28
function. (This used to be commit 61b0f5f4f9788784b0806a9a15cbc6bf1005aa68)
2001-12-05Split out the name resolution code into a seperate functionAndrew Bartlett1-27/+38
(This used to be commit b2443f6fca5840584926b7481acf1975507c445e)
2001-12-05Follow herb's suggestion and don't strdup a string to itselfAndrew Bartlett1-3/+6
(This used to be commit d00f461f43558c8ef942df305bcc2c89060b4800)
2001-12-05Follow herb's suggestion and don't strdup a string to itself.Andrew Bartlett1-3/+5
(This used to be commit ea76a687fc2614912fd6b0458622495f9920749e)
2001-12-05Add a mechinism to allow for sane porting of rpcclient components into the newAndrew Bartlett1-0/+166
'net' command. This also gets us 'net rpc user add'. Andrew Bartlett (This used to be commit 1197689bc56f4b2ca6ffea3b2601b8f6f9f52207)
2001-12-04added a boolean to the group mapping functions to specify if we need orJean-François Micouleau1-5/+9
not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F. (This used to be commit 6c87e96149101995b7d049657d5c26eefef37d8c)
2001-12-04allow for passwords other than "samba2"Andrew Tridgell1-1/+1
:) (This used to be commit cee58f10974b55ead68362166d12285568feeb23)
2001-12-04moved init_account_policy() to the right placeAndrew Tridgell1-2/+0
(This used to be commit e908f304a26b9f1100e301610151a9334bf117b0)
2001-12-04typo fixAndrew Tridgell1-1/+1
(This used to be commit 660238adcad8abb3f9a1e67eb81419618db77f3d)
2001-12-04smbpasswd is *ugly*!Andrew Bartlett1-0/+2
However this looks like the best spot to init the account policy db... (fix segfaults on all local smbpasswd ops) Andrew Bartlett (This used to be commit 3f3bb62ba63373c3cdf2495f97c7461ed5b373ef)
2001-12-04Add 'net rpc join' to match the ADS equiv.Andrew Bartlett3-295/+316
This kills off the offending code in smbpasswd -j -Uab%c In the process we have changed from unsing compelatly random passwords to random, 15 char ascii strings. While this does produce a decrese in entropy, it is still vastly greater than we need, considering the application. In the meantime this allows us to actually *type* the machine account password duruign debugging. This code also adds a 'check' step to the join, confirming that the stored password does indeed do somthing of value :-) Andrew Bartlett (This used to be commit c0b7ee6ee547dc7ff798eaf8cb63fbe344073029)
2001-12-04Some changes to the name resolution code in 'net' to allow us to find aAndrew Bartlett2-25/+47
PDC, as well as changes for correctness as per tridge. Andrew Bartlett (This used to be commit 16d302c5cc0da93a58e0ce10843f9c8d8062c689)
2001-12-03added a tdb to store the account policy informations.Jean-François Micouleau1-12/+10
You can change them with either usermanager->policies->account or from a command prompt on NT/W2K: net accounts /domain we can add a rpc accounts to the net command. As the net_rpc.c is still empty, I did not start. How should I add command to it ? Should I take the rpcclient/cmd_xxx functions and call them from there ? alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more for jeremy ;-) J.F. (This used to be commit bc28a8eebd9245ce3004ae4b1a359db51f77bf21)
2001-12-03This change reworkes the connection code for both rpcclient and net newAndrew Bartlett2-73/+15
'net' untility. This should make it easier to port rpcclient code across to net. It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, becouse it kills off the early destruction of the clear-text password. Andrew Bartlett (This used to be commit eee925861a3af3aa16efa3b1700a980c9510c14e)
2001-12-03Forgot this one with the last commit...Andrew Bartlett1-0/+36
Andrew Bartlett (This used to be commit 8dbd9702d829eaefcdab8e3f8a4750befa884234)
2001-12-03This is another major rework of the 'net' command.Andrew Bartlett3-1057/+1273
This time, all the existing functionality has been moved into 'net rap', ready for new commands in the 'net ads' and 'net rpc' categories. In particular, we hope to have the abilty to autoselect the appropriate backend to use based on smb.conf or other paramaters. This will allow 'net user' to work no matter what the remote server. The new 'net rpc' command will soon gain a 'net rpc join' and a 'net rpc user' based on the existing samba code. Also in this commit, the connection establishment code has been almost entirly reworked, and now has some minor sense of sainity to it. In particular, we can now connect to hosts *other* than localhost! We also have the ability to state on a per-command basis whether the 'localhost' is a sane default value. (A net join, for example, would not be sane against localhost). Unfortunetly we have had to make the basic paramaters global variables, but the 'cli' is not opened and closed on a per-command basis. Andrew Bartlett (This used to be commit 8739d426caabe3794a018dd28ab139b08f88b603)
2001-12-01not used any moreAndrew Tridgell1-144/+0
(This used to be commit 97627e424a1de3df0a6f7a9bfaaf3ece4dd2036d)
2001-11-30Renamed sid field in SEC_ACE to trustee to be more in line with MS'sTim Potter1-10/+22
definitions. (This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
2001-11-29Changed again how the privilege list is handled in the group mapping code.Jean-François Micouleau1-12/+9
This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP struct as some privilege showing in USRMGR.EXE are not real privs but a bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT 3.1 box to verify, but I'm too lazy (yes I still have my CDs). Added 3 more LSA calls: SetSystemAccount, AddPrivileges and RemovePrivileges, we can manage all this privilege from UserManager. Time to change the NT_USER_TOKEN struct and add checks in all the rpc functions. Fun, fun, fun. J.F. (This used to be commit 3f0a9ef2b8c626cfa2878394bb7b642342342bf3)
2001-11-29Make better use of the ads_init() function to get the kerberos relam etc.Andrew Bartlett2-6/+8
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
2001-11-28fixed some krb5 ifdefsAndrew Tridgell1-1/+1
(This used to be commit 23ef22f11700bbaa5778a9678a990a2b041fcefe)
2001-11-28fix a bunch of places where we can double-free a cli structureAndrew Tridgell3-10/+0
(This used to be commit e2ba2383c9f679c076749a8f4fccefc3559e37ec)
2001-11-26prevent proto from picking up this as a defintion for 'main()' becoue it ↵Andrew Bartlett1-1/+1
conflicts with nmbd's definition. (This used to be commit 70e9c2efaada4be609ff053d216d554cb036df4e)
2001-11-26More compiler warnings fixed. Some minor reformatting.Tim Potter2-94/+143
(This used to be commit 8227f6909cca67fcc1a8455f4b386df7778ef2e7)
2001-11-26Got medieval on another pointless extern. Removed extern struct ipzeroTim Potter4-12/+10
and replaced with two functions: void zero_ip(struct in_adder *ip); BOOL is_zero_ip(struct in_addr ip); (This used to be commit 778f5f77a66cda76348a7c6f64cd63afe2bfe077)
2001-11-25Minor typosVolker Lendecke1-2/+2
(This used to be commit 1c9d951f86609b08e5660b0fc966c5e5058a3ce2)
2001-11-25portability fixesAndrew Tridgell1-3/+6
(This used to be commit 09127d85dc91037c9d0280b57d48d23e93a39f8b)
2001-11-25fixed typoAndrew Tridgell1-1/+1
(This used to be commit b14ae495028da4d2b995cefa786746d2c649460c)
2001-11-25better helpAndrew Tridgell1-1/+7
(This used to be commit b390d6eef95ee6094eb193006bc2f23c40291026)
2001-11-25use generate_random_str()Andrew Tridgell1-47/+4
(This used to be commit 720c50a7514febdd7cfd6ce40b7b5a0c5cc0abf8)
2001-11-25added "net ads user" and "net ads group" commandsAndrew Tridgell1-19/+66
(This used to be commit f482583139eedb75a23c7a720dca4e8fb7070fd5)
2001-11-25added "net ads status" commandAndrew Tridgell1-14/+39
(This used to be commit ae0eabd04c97320c2cf3c4575263c53cf61d03ea)
2001-11-25made a "net ads" command, currently with "net ads join" and "net ads leave"Andrew Tridgell2-4/+191
(This used to be commit 2f8fa175b189c2d11676245b01d3201c0a4f0826)
2001-11-24added "net join" commandAndrew Tridgell2-185/+191
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)
2001-11-24rewrote net.cAndrew Tridgell1-1260/+1071
The rewrite fixes a number of things: - much better command line parsing - fixed usage of static and const - better finding of hosts - clean internal separation of sub-functions - expandable design (This used to be commit 0f88d9c50e419504b9ceca5eadbe30ee04fa42dc)
2001-11-24This is another rather major change to the samba authenticaionAndrew Bartlett1-6/+0
subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett (This used to be commit 8d31eae52a9757739711dbb82035a4dfe6b40c99)
2001-11-23Changed how the privileges are stored in the group mapping code. It's nowJean-François Micouleau1-18/+38
an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F. (This used to be commit f29774e58973f421bfa163c45bfae201a140f28c)
2001-11-23Removed TimeInit() call from every client program (except for one placeTim Potter11-20/+0
in smbd/process.c where the timezone is reinitialised. Was replaced with check for a static is_initialised boolean. (This used to be commit 8fc772c9e5770cd3a8857670214dcff033ebae32)
2001-11-22added lsa_enum_sids to rpcclientJean-François Micouleau1-3/+2
fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F. (This used to be commit 646651018a2736833e49e76f6ca735a4647d9746)