summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r17005: Add a new helper mode to ntlm_auth: ntlm-change-password-1Andrew Bartlett1-1/+295
This mode proxies pre-calculated blobs from a remote (probably VPN) client into the domain. This allows clients to change their password over a PPTP connection (where they would not be able to connect to SAMR directly). The precalculated blobs do not reveal the plaintext password. Original patch by Alexey Kobozev <cobedump@gmail.com> (This used to be commit 967292b7136c5100c0b9a2783c34b1948b16dad4)
2007-10-10r16952: New derive DES salt code and Krb5 keytab generationGerald Carter1-15/+56
Major points of interest: * Figure the DES salt based on the domain functional level and UPN (if present and applicable) * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys * Remove all the case permutations in the keytab entry generation (to be partially re-added only if necessary). * Generate keytab entries based on the existing SPN values in AD The resulting keytab looks like: ktutil: list -e slot KVNO Principal ---- ---- --------------------------------------------------------------------- 1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) 7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32) 8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5) 9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5) The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName) and the sAMAccountName value. The UPN will be added as well if the machine has one. This fixes 'kinit -k'. Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket() continues to work with RC4-HMAC and DES keys. (This used to be commit 6261dd3c67d10db6cfa2e77a8d304d3dce4050a4)
2007-10-10r16947: Fix warning with profile separator when profiles notJeremy Allison1-0/+2
being used. Jeremy. (This used to be commit 441c289fd21d00398fb7c4c7c0338b03129a7545)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison15-470/+1094
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16845: Properly report the error during join when the set password failsGerald Carter1-0/+7
(This used to be commit ef6e9ca5276586c081fcf18bb178a2326309b539)
2007-10-10r16656: Fix #3894 and #3895 reported by jason@ncac.gwu.edu.Jeremy Allison1-3/+3
Jeremy. (This used to be commit ddf35ad69201cf9a0aa45ff25e17eddef60d75ad)
2007-10-10r16652: Fix bug #3891 reported by jason@ncac.gwu.edu.Jeremy Allison1-4/+1
Jeremy. (This used to be commit 9b0df8d008bc5574526d68628f351eb4dbf98e8a)
2007-10-10r16644: Fix bug #3887 reported by jason@ncac.gwu.eduJeremy Allison6-12/+12
by converting the lookup_XX functions to correctly return SID_NAME_TYPE enums. Jeremy. (This used to be commit ee2b2d96b60c668e37592c79e86c2fd851e15f69)
2007-10-10r16640: Fix bug #3886 reported by jason@ncac.gwu.edu.Jeremy Allison1-3/+0
Jeremy. (This used to be commit 76cc25a37e145fb48a8a81df37e790690b5dceac)
2007-10-10r16638: Fix bug #3885, reported by jason@ncac.gwu.edu. UseJeremy Allison1-1/+1
the correct enumerated type in the macro. Jeremy. (This used to be commit 63ad19f71c6b9474042f4ea9d5859e2849a73da8)
2007-10-10r16614: Klocwork #2012. memleak on error path.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 58b9adb849854610e7167e8aa02a02bd15b0bf00)
2007-10-10r16612: Klocwork fix #2011. memleak on error path.Jeremy Allison1-6/+11
Jeremy. (This used to be commit b4e9475d2ac65f72cab0d5c8276da27cf1aeb791)
2007-10-10r16453: Fix another memleak.Günther Deschner1-0/+1
Guenther (This used to be commit 49fb1a3ebc44602302c347195752891bf28c7037)
2007-10-10r16435: Add in the uid info that Jerry needs into theJeremy Allison1-2/+3
share_mode struct. Allows us to know the unix uid of the opener of the file/directory. Needed for info level queries on open files. Jeremy. (This used to be commit d929323d6f513902381369d77bcd7b714346d713)
2007-10-10r16429: Fix final 4 Klocwork bugs we're going to fix beforeJeremy Allison1-1/+1
release - #785, #786, #787, #788. Jeremy. (This used to be commit 9017547cccadeecb80f3db58a43838dc656fce2f)
2007-10-10r16409: Fix Klocwork ID's.Volker Lendecke2-4/+8
1177 In reg_perfcount.c: 1200 1202 1203 1204 In regfio.c: 1243 1245 1246 1247 1251 Jerry, the reg_perfcount and regfio.c ones, can you take a look please? This is really your code, and I'm not sure I did the right thing to return an error. smbcacls.c: 1377 srv_eventlog_nt.c: 1415 1416 1417 srv_lsa_nt.c: 1420 1421 srv_netlog_nt.c: 1429 srv_samr_nt: 1458 1459 1460 Volker Volker (This used to be commit d6547d12b1c9f9454876665a5bdb010f46b9f5ff)
2007-10-10r16363: Fix Klocwork ID 981 1652Volker Lendecke1-1/+4
Volker (This used to be commit ce1d8423ef7cd86fc64200002fde707bca621d44)
2007-10-10r16360: Fix Klocwork ID 136 520 521 522 523 542 574 575 576 607Volker Lendecke7-12/+75
in net_rpc.c: 715 716 732 734 735 736 737 738 739 749 in net_rpc_audit.c: 754 755 756 in net_rpc_join.c: 757 in net_rpc_registry: 766 767 in net_rpc_samsync.c: 771 773 in net_sam.c: 797 798 Volker (This used to be commit 3df0bf7d6050fd7c9ace72487d4f74d92e30a584)
2007-10-10r16346: Allow to exit a "net rpc shell" with 'quit' or 'exit'.Günther Deschner1-0/+4
Guenther (This used to be commit 232566e1cb1eaaa6ae09e9de8a8a82d91acdfda7)
2007-10-10r16345: Improve the chance that our users can discover one of the coolest 'net'Günther Deschner1-0/+1
features. Guenther (This used to be commit 446d79a0007d3d99c73eb758216f18f64036f11d)
2007-10-10r16344: Allow to set passwords directly when creating users via "net rpc userGünther Deschner2-2/+56
add" (as the documentation says, and currently onle "net ads user add" did). Fixes #3843. Guenther (This used to be commit 5d776d5fabded9b713080789aefc6058510b51f6)
2007-10-10r16298: On request of jiri sasek - Sun Microsystems - Prague Czech Republic ↵Jeremy Allison1-6/+6
<Jiri.Sasek@Sun.COM> change priv_op and priv_info to names that don't conflict with the solaris namespace. Jeremy. (This used to be commit db5b4e3f13bceeb2f078f412bdd4666516eedc5c)
2007-10-10r16284: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsignedJeremy Allison3-6/+6
int in a format string. Jeremy. (This used to be commit face01ef01e1a3c96eae17c56cadf01020d4cb46)
2007-10-10r16270: Fix Klocwork #706 - ensure sscanf has correct formatJeremy Allison1-4/+5
specifier. Jeremy. (This used to be commit dc53d35b0a1491da94e231943a81547be4c75631)
2007-10-10r16267: Fix Klocwork #401, #402 - ensure format specifierJeremy Allison1-1/+8
limited. Fix memleak in printing gencache contents. Jeremy. (This used to be commit 81731e1f68cdf4af80733338238aeae0a7d108c0)
2007-10-10r16261: Smaller fixes for net ads password.Günther Deschner1-2/+2
Guenther (This used to be commit 689ae22c80a890278610d9ada1eb4fa5e37bd5ce)
2007-10-10r16252: Fix Klocwork ID 1119, 1121.Volker Lendecke1-0/+10
Volker (This used to be commit 678bbcf06109b276d3e4514c3788a9fb31348de0)
2007-10-10r16251: for i in `seq 1 1000`Volker Lendecke1-1/+1
do echo "I will always compile before commit :-)" done Also fix Klokwork ID 806. Volker (This used to be commit 4974c598c00abc20cfb73eee12a7c49c279e0f54)
2007-10-10r16247: Fix Coverity ID 296Volker Lendecke1-1/+1
(This used to be commit b82c95cb438b57bb8910e26657f8ffb590fe02df)
2007-10-10r16241: Fix Klocwork #106 and others like it.Jeremy Allison1-8/+25
Make 2 important changes. pdb_get_methods() returning NULL is a *fatal* error. Don't try and cope with it just call smb_panic. This removes a *lot* of pointless "if (!pdb)" handling code. Secondly, ensure that if samu_init() fails we *always* back out of a function. That way we are never in a situation where the pdb_XXX() functions need to start with a "if (sampass)" test - this was just bad design, not defensive programming. Jeremy. (This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
2007-10-10r16230: Fix Klocwork #861 and others. localtime and asctimeJeremy Allison4-12/+27
can return NULL. Ensure we check all returns correctly. Jeremy. (This used to be commit 6c61dc8ed6d84f310ef391fb7700e93ef42c4afc)
2007-10-10r16219: BUG 3836, 3837, 3004: compile warning fixes from Jason Mader.Gerald Carter1-1/+1
(This used to be commit 6c1f1c091f5e87bf9464fe8ad7eb2cb683819a62)
2007-10-10r16115: Make "net ads changetrustpw" work again.Günther Deschner1-4/+4
(adapt to the new UPN/SPN scheme). Guenther (This used to be commit 8fc70d0df0c93c29b49f924bac9ff5d9857cfd9d)
2007-10-10r15971: Obey the manpage description and make changesecretpw accept a ↵Simo Sorce1-1/+14
password via stdin (This used to be commit 60d4aabc3205aa80f8d49c3c2db95927c61a81a5)
2007-10-10r15906: smbpasswd help text for -W option (patch from Aruna Prabakar ↵Gerald Carter1-0/+1
<aruna.prabakar@hp.com> (This used to be commit 0a81af4fef5b794fea257d9e3e11b16c3a4de12f)
2007-10-10r15890: Use correct enum type (bug #3722) from Jason Mader <jason@ncac.gwu.edu>.Jeremy Allison1-1/+1
Jeremy. (This used to be commit a8eb1186a12b44178a28b013373f6f8a4356d9ec)
2007-10-10r15703: Fix d_printf call.Günther Deschner1-1/+1
Guenther (This used to be commit 741602e03ad2404d4e38e55b9e5fd20b85fd205d)
2007-10-10r15701: change 'net ads leave' to disable the machine account in the domain ↵Gerald Carter3-212/+395
(since removal implies greater permissions that Windows clients require) (This used to be commit ad1f947625612ef16adb69fc2cfeffc68a9a2e02)
2007-10-10r15680: use the user creds when calling net_set_machine_spn() rather than ↵Gerald Carter1-64/+15
the machine creds (just like WinXP) (This used to be commit ae2bf464c47eb52ff24400d1cc362e74e77fbac5)
2007-10-10r15657: Fix some Tru64 warningsVolker Lendecke2-3/+3
(This used to be commit a85dfb9eff222142eb1f9d89beb3d156661dd047)
2007-10-10r15646: Implement an setdomainsid command as wellSimo Sorce2-1/+23
(This used to be commit 51df47c772f8bdd5a2c3a1e9814e625406e79b5f)
2007-10-10r15630: adapt smbclient fix to smbtree to enable long share namesJim McDonough1-0/+57
(This used to be commit ae56154fc7694042496a55d4dade8ef1a7ba361c)
2007-10-10r15608: Fix a couple of Coverity errorsVolker Lendecke1-0/+9
(This used to be commit 696e210bf6688e8b2f408559768173b4bdbda979)
2007-10-10r15597: more ads join fixes -- we can only set the PWDNOEXP and DES_ONLY acb ↵Gerald Carter1-7/+9
flags on the setuserinfo(), not the createuser info call (This used to be commit d933ac273db5977fb41954175bdc228b688bfd6e)
2007-10-10r15566: Fix Coverity bug # 284. The lp_ldap_xx_suffix function only return ↵Volker Lendecke1-7/+16
NULL if talloc fails. Volker (This used to be commit 0ece5b32f97f162be0af2ea3354a597c56ed4373)
2007-10-10r15561: Should re-fix older systems without RC4-HMAC supportGerald Carter1-15/+6
(This used to be commit 00c795e3660a65419e707706abf48916dcd7f850)
2007-10-10r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who"....Gerald Carter1-5/+71
Re-add the capability to specify an OU in which to create the machine account. Done via LDAP prior to the RPC join. (This used to be commit b69ac0e30441faea7a7d677b6bb551aa8ffbf55d)
2007-10-10r15559: Smaller fixes for the new cldap code:Günther Deschner1-2/+1
* replace printf to stderr with DEBUG statements as they get printed in daemons * "net ads lookup" return code Guenther (This used to be commit 8dd925c5fbfcbe711c596d08e8eadc19607d5492)
2007-10-10r15549: removing rhosts and 'hosts equiv' authentication featuresGerald Carter1-9/+0
(This used to be commit d19dad88155f985f113c667b6bdad5a1b25eca18)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter6-517/+607
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)