summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2002-01-20This is another *BIG* change...Andrew Bartlett2-40/+26
Samba now features a pluggable passdb interface, along the same lines as the one in use in the auth subsystem. In this case, only one backend may be active at a time by the 'normal' interface, and only one backend per passdb_context is permitted outside that. This pluggable interface is designed to allow any number of passdb backends to be compiled in, with the selection at runtime. The 'passdb backend' paramater has been created (and documented!) to support this. As such, configure has been modfied to allow (for example) --with-ldap and the old smbpasswd to be selected at the same time. This patch also introduces two new backends: smbpasswd_nua and tdbsam_nua. These two backends accept 'non unix accounts', where the user does *not* exist in /etc/passwd. These accounts' don't have UIDs in the unix sense, but to avoid conflicts in the algroitmic mapping of RIDs, they use the values specified in the 'non unix account range' paramter - in the same way as the winbind ranges are specifed. While I was at it, I cleaned up some of the code in pdb_tdb (code copied directly from smbpasswd and not really considered properly). Most of this was to do with % macro expansion on stored data. It isn't easy to get the macros into the tdb, and the first password change will 'expand' them. tdbsam needs to use a similar system to pdb_ldap in this regard. This patch only makes minor adjustments to pdb_nisplus and pdb_ldap, becouse I don't have the test facilities for these. I plan to incoroprate at least pdb_ldap into this scheme after consultation with Jerry. Each (converted) passdb module now no longer has any 'static' variables, and only exports 1 init function outside its .c file. The non-unix-account support in this patch has been proven! It is now possible to join a win2k machine to a Samba PDC without an account in /etc/passwd! Other changes: Minor interface adjustments: pdb_delete_sam_account() now takes a SAM_ACCOUNT, not a char*. pdb_update_sam_account() no longer takes the 'override' argument that was being ignored so often (every other passdb backend). Extra checks have been added in some places. Minor code changes: smbpasswd no longer attempts to initialise the passdb at startup, this is now done on first use. pdbedit has lost some of its 'machine account' logic, as this behaviour is now controlled by the passdb subsystem directly. The samr subsystem no longer calls 'local password change', but does the pdb interactions directly. This allow the ACB_ flags specifed to be transferred direct to the backend, without interference. Doco: I've updated the doco to reflect some of the changes, and removed some paramters no longer applicable to HEAD. (This used to be commit ff354c99c585068af6dc1ff35a1f109a806b326b)
2002-01-20This patch makes the 'winbind use default domain' code interact better withAndrew Bartlett1-5/+14
smbd, and also makes it much cleaner inside winbindd. It is mostly my code, with a few changes and testing performed by Alexander Bokovoy <a.bokovoy@sam-solutions.net>. ab has tested it in security=domain and security=ads, but more testing is always appricatiated. The idea is that we no longer cart around a 'domain\user' string, we keep them seperate until the last moment - when we push that string into a pwent on onto the socket. This removes the need to be constantly parsing that string - the domain prefix is almost always already provided, (only a couple of functions actually changed arguments in all this). Some consequential changes to the RPC client code, to stop it concatonating the two strings (it now passes them both back as params). I havn't changed the cache code, however the usernames will no longer have a double domain prefix in the key string. The actual structures are unchanged - but the meaning of 'username' in the 'rid' will have changed. (The cache is invalidated at startup, so on-disk formats are not an issue here). Andrew Bartlett (This used to be commit e870f0e727952aeb8599cf93ad2650ae56eca033)
2002-01-16much better support for organisational units in ADS joinAndrew Tridgell1-3/+7
(This used to be commit 7e876057d5e392f85e6fdb0f2c233b0fe76df688)
2002-01-15Change the passdb interface to use allocated strings.Andrew Bartlett1-1/+1
These strings are allocated using talloc(), either using its own memory context stored on the SAM_ACCOUNT or one supplied by the caller. The pdb_init_sam() and pdb_free_sam() function have been modifed so that a call to pdb_free_sam() will either clean up (remove hashes from memory) and destroy the TALLOC_CTX or just clean up depending on who supplied it. The pdb_init_sam and pdb_free_sam functions now also return an NTSTATUS, and I have modified the 3 places that actually checked these returns. The only nasty thing about this patch is the small measure needed to maintin interface compatability - strings set to NULL are actually set to "". This is becouse there are too many places in Samba that do strlen() on these strings without checking if they are NULL pointers. A supp patch will follow to set all strings to "" in pdb_default_sam(). Andrew Bartlett (This used to be commit 144345b41d39a6f68d01f62b7aee64ca0d328085)
2002-01-10Quieten warning about uninitialized variable.Martin Pool1-1/+3
(This used to be commit 63ea2bb0adf5ae742658f479613de90b1eec3db5)
2002-01-09Add two more memory-debug smbcontrol messages: these ones shouldMartin Pool1-6/+17
prompt dmalloc to log information about what happening, so you can see in flight why smbd is getting bloated. (This used to be commit bcb443c5c4bf97fe6b5b0993e42496c2e64f0124)
2002-01-07merge changes from 2.2 branch to prevent smb.conf from changing debug levelHerb Lewis6-0/+23
of commands when specified on command line. (This used to be commit 39d6b31e14144a3ff4b992d4286b706147e58566)
2002-01-07sync getopt() args with 2.2Gerald Carter1-1/+1
(This used to be commit 2fcdc520cee051631bbc2a0c06466d231390f8d5)
2002-01-04print the timezone in the same format as 'date +%z' - much better for scriptingAndrew Tridgell1-5/+8
(This used to be commit faa1b222f170abe34f6930bb3493cbe8b4df4082)
2002-01-03Cleanup format.Martin Pool1-1/+1
(This used to be commit a9b9ae47e1a11492f036b308c408c6a239a690f6)
2002-01-03smbd now sends a reply to MSG_REQ_POOL_USAGE, though it's prettyMartin Pool1-1/+2
boring so far. (This used to be commit 9b217dce7fe89d1e36a91d7d011c2a9fe185e0d3)
2002-01-03smbd should register to receive MSG_REQ_POOL_USAGE. Response shouldMartin Pool1-2/+0
be information about memory usage, but this is not done yet. (This used to be commit 830a126a442bdde28fc42e23e7260c344b6534b9)
2002-01-02Actually enforce the passdb API.Andrew Bartlett1-2/+2
Thou shalt not reference SAM_ACCOUNT members directly - always use pdb_get/pdb_set. This is achived by making the whole of SAM_ACCOUNT have a .private member, where the real members live. This caught a pile of examples, and these have beeen fixed. The pdb_get..() functions are 'const' (have been for some time) and this required a few small changes to constify other functions. I've also added some debugs to the pdb get and set, they can be removed if requested. I've rewritten the copy_id2x_to_sam_pass() functions to use the new passdb interface, but I need the flags info to do it properly. The pdb_free_sam() funciton now blanks out the LM and NT hashes, and as such I have removed many extra 'samr_clear_sam_passwd(smbpass)' calls as a result. Finally, any and all testing is always appriciated - but the basics seem to work. Andrew Bartlett (This used to be commit d3dd28f6c443187b8d820d5a39c7c5b3be2fa95c)
2001-12-31reverted to 1.24 and manually merged in changes from 2.2Gerald Carter1-194/+71
(This used to be commit 466f515240aaeca7b0fe2b7b3474ab23cab687cc)
2001-12-31Add 'net rpc shutdown' and 'net rpc abortshutdown'.Andrew Bartlett3-7/+177
These two little features are very useful, but the passing of options about needs some serious work. The popt stuff in the shutdown code is #ifdef'ed out until the main popt loop can be convinced not to chew on the options :-( Andrew Bartlett (This used to be commit 51c985be7fbfe5627c5b2590e7610653e7be98e3)
2001-12-31fix compile errorGerald Carter1-1/+3
(This used to be commit c946c6bbc8192f5f0f3706d1b4a6cca0a994f36b)
2001-12-31some merges from 2.2. Still need to merge in changes from pdb_tdb.cGerald Carter1-74/+199
but it will take more time as I don't want to loose any fixes that are only in HEAD. (This used to be commit efcde5d9d8ce44c0613764504d797be54ba21473)
2001-12-30Add a pile of doxygen style comments to various parts of Samba. Many of theseAndrew Bartlett2-50/+236
probably will never actually be genearted, but I like the style in any case. Also fix a segfault in 'net rpc' when the login failed and a small memory leak on failure in the auth_info.c code. Andrew Bartlett (This used to be commit 2efae7cc522651c22fb120835bc800645559b63e)
2001-12-27moving SAM_ACCOUNT to include a bit field for initializedGerald Carter1-9/+9
members (such as uid and gid). This way we will be able to keep ourselves from writing out default smb.conf settings when the admin doesn't want to, That part is not done yet. Tested compiles with ldap/tdb/smbpasswd. Tested connection with smbpasswd backend. oh...and smbpasswd doesn'y automatically expire accounts after 21 days from the last password change either now. Just ifdef'd out that code in build_sam_account(). Will merge updates into 2.2 as they are necessary. jerry (This used to be commit f0d43791157d8f04a13a07d029f203ad4384d317)
2001-12-21smbcontrol in non-interactive mode was returning True for success --Martin Pool1-1/+4
need to invert this to give the shell 0. (This used to be commit ecc624067c54314834aacbf21d0f2ee54fce37e9)
2001-12-21Add option to pass NULL max_replies to wait_for_replies in case youMartin Pool1-4/+7
don't know how many to expect. (This used to be commit 53f1c0298b526dcacae956453a4b95fff226d0b8)
2001-12-21Add code to send MSG_REQ_POOL_USAGE. (smbd doesn't respond yet.)Martin Pool1-15/+57
Factor out common code to wait until replies are received or timeout expires. Show debug message when messages are sent. (This used to be commit 17bb0f60af13c5d0561c0ba50b0a6331bde52e8f)
2001-12-20make sure we store the domain sid when joining a ADS domainAndrew Tridgell1-0/+12
(This used to be commit dfbe442c668480d88cb8b385c6b89f8e198ca500)
2001-12-20added net lookup commandAndrew Tridgell2-1/+65
(This used to be commit 51268c512dbae94aba308668df9facaf15a2ce9e)
2001-12-20net now sends its debug to stderr so its output can be relied upon inAndrew Tridgell1-1/+1
scripts (This used to be commit 6d2f7ed708e75687d23f432ba9a186e88fa14118)
2001-12-20net ads password and net ads chostpass commands from Remus KoosAndrew Tridgell1-0/+91
(This used to be commit 412e79c448bf02e3097b5c14a36fe0172d8d2895)
2001-12-19much better ADS error handling systemAndrew Tridgell1-24/+20
(This used to be commit 05a90a28843e0d69183a49a76617c5f32817df16)
2001-12-19- added initial support for trusted domains in winbindd_adsAndrew Tridgell1-3/+6
- gss error code patch from a.bokovoy@sam-solutions.net - better sid dumping in ads_dump - fixed help in wbinfo (This used to be commit ee1c3e1f044b4ef62169ad74c5cac40eef81bfda)
2001-12-18Fixup JF's weird SID return :-).Jeremy Allison1-1/+1
Jeremy (This used to be commit 7b8fb8d85c406b8755f60cf14dc2377bc59eda53)
2001-12-17allow selection of the organisational unit when joining a realmAndrew Tridgell1-6/+28
(This used to be commit f1231c2b54cac9d4fda7fa9d45fd329f1fd7b779)
2001-12-14Rafal (mimir) patch for trusts r.Jean-François Micouleau1-1/+21
(This used to be commit c26623671e2b0b2e80c6d6383a99880c4f439f04)
2001-12-14Display a nice error message if the user%password specified for net rpcTim Potter1-2/+8
join does not have administrator privileges. (This used to be commit af24b1036c8ceaa37e6b68ac988401846c5c7fe4)
2001-12-14Display a nice error message for NT_STATUS_LOGON_FAILURE in connect_to_ipc()Tim Potter1-0/+7
(This used to be commit 60eb4dc7b1114275f035d27a890e0301a65e0e42)
2001-12-14More help/messages/formatting cleanup.Jim McDonough1-37/+40
(This used to be commit 882e5e3bb815e02407ecf6f689ffe5bb618845e8)
2001-12-14Merge from 2.2 to allow net rpc join -U to complete even if the workstationTim Potter1-2/+5
account already exists. # net rpc join --user=Administrator%password It's kind of weird seeing the mix of NET.EXE style of options (net command subcommand /arg:value) with the GNU-style long options. I think it works. (This used to be commit 3789c8c707acd9a4078d656c8de9ce1f4be9e388)
2001-12-14Restoration of at least some help function and format. First round of ↵Jim McDonough1-259/+221
cleanup. Printq function cannot exactly mimic windows output using d_printf...oh well. Add some more command-specific options back into help. (This used to be commit e135320e0547581c7d38126647a91b874d152622)
2001-12-14Set the debuglevel after the call to lp_load() so the change sticks.Tim Potter1-2/+2
(This used to be commit 3c927e39e7354d2f65b3ff7148fc325b41552310)
2001-12-14don't use -u switch to /bin/date - too many systems don't honor itAndrew Tridgell1-4/+4
(This used to be commit 0839cf03a92673b38f1afa103271c708fa7162a2)
2001-12-13update the ldap support code. it compiles.Jean-François Micouleau1-1/+41
Ignacio you can update your howto ;-) samsync: a small patch to try chaning challenges. J.F. (This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
2001-12-13added "net ads info" to fetch basic ADS info without any authAndrew Tridgell1-0/+26
(This used to be commit b107ecef7097e4b3b870f51fa6628b870703b4de)
2001-12-13improved error message from failed connectAndrew Tridgell1-6/+3
(This used to be commit 4405a87fb754cece3a5428246ea6ecb9abba1996)
2001-12-12added "net time zone" command to show the timezone on a computerAndrew Tridgell1-6/+30
(This used to be commit 4e2691b1c13a7db4770effa6eddeb19adb47f8ae)
2001-12-11allow join of already joined domainAndrew Tridgell1-60/+35
(This used to be commit 784a3f295176dc87c8befd76d5f2dc9ef1e9e383)
2001-12-11prevent double freeAndrew Tridgell1-2/+0
(This used to be commit 3628a978d1881aa2a0939594b1c752475468965e)
2001-12-11better error handlingAndrew Tridgell1-11/+17
(This used to be commit 75621d528433a9c1af3eada0b748dfbcfdb8ad62)
2001-12-11added a comment about /bin/dateAndrew Tridgell1-1/+4
(This used to be commit 2183c1f3b09db5c078327050279130ac825c71f8)
2001-12-11added a net time command. Allow display or set of system time based onAndrew Tridgell3-13/+166
a SMB server particularly useful for ADS is: net time set -S DOMAIN#1B this makes kerberos clock skew problems go away :) (This used to be commit b3ba2293d0e4eac3b6408c3abc3dcacfa3f67fe4)
2001-12-11Removed unreferenced getopt() externals.Tim Potter1-2/+0
(This used to be commit c87d1ad32114200d3e678f8de88874c737f8e571)
2001-12-10reinstated all the rap commands as top level commands until we get theAndrew Tridgell2-81/+114
protocol switch mechanism in place (This used to be commit d20c3717dd58745da082d1b4df7698c6d6c38e6c)
2001-12-08added internal sasl/gssapi code. This means we are no longer dependent on ↵Andrew Tridgell1-0/+16
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)