Age | Commit message (Collapse) | Author | Files | Lines |
|
options.
Andrew Bartlett
(This used to be commit 4cd822d9e4e5f35a47b0837bfa73c8a457e6cc85)
|
|
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
|
|
user SIDs correctly.
Volker
(This used to be commit 287b7bda11100c42f2cdea36a20a81f6ea397f43)
|
|
(This used to be commit 2df34c9bfc76ee832e5005a2ad0ff0b6abb98034)
|
|
Print domain SID on 'net rpc info'
Volker
(This used to be commit 12fd889a3f0e3eeeb27a51cdd7f648a59083f2ba)
|
|
(This used to be commit 169e784f4829ef356ed6232ace950d43cac1d467)
|
|
Volker
(This used to be commit 5af5326f1311a49d3c8316e1dcc27037b831065a)
|
|
(This used to be commit 8aae10bcdc05fca4e0281ac91a7679c60b791534)
|
|
couple of unknown fields we still need to work out.
(This used to be commit 67b4dbd5c9f2665d5e6157b8cd522ebff4b8a4ea)
|
|
we still need to parse the core of the structure
(This used to be commit 6780ae25bf7ca291f612682dec7ee7ff44c24bef)
|
|
win2000 server. It does seem to work, and win200 sends us a valid
reply, but we don't parse it yet. Maybe tomorrow :)
(This used to be commit 6352508c54cee333ed7c0e3ebc372be7cd60ed62)
|
|
(This used to be commit cb72eead70509eddaa051571f3eed3c46304b5f8)
|
|
(This used to be commit aa93db5abed75b5c9a032a080c07473fafa53a43)
|
|
future.
This moves us from fstrcpy() and global variables to 'get' and 'set' functions.
In particular, the 'set' function sainity-checks the input, in the same way as
we always have.
Andrew Bartlett
(This used to be commit e57a896f06b16fe7e336e1ae63a0c9e4cc75fd36)
|
|
(This used to be commit 3b0e60e522b669bad77e70d9c6f484a08ff84612)
|
|
unfortuately we don't seem to be able to auto-test the ADS join due to
a rather nasty property of the GSSAPI library.
(This used to be commit 87c34a974a91e940bd26078a68dd84f4341d6913)
|
|
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
(This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
|
|
from itself).
they where alo not clean after use!
Simo.
(This used to be commit 5a257096e9afdcd1dea863dff43952457a74a9f1)
|
|
(This used to be commit 7bf9ca6ca36fa319a57eab05567d49a003237bb5)
|
|
(This used to be commit ced5dc4e05badfb07cbae7a2880825b9bad4e68d)
|
|
our smb.conf setup.
(This used to be commit cffa881092e48db10a712575a8671f695e8ef813)
|
|
very useful in scripts
(This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
|
|
(This used to be commit 8c17904848a6206ab35652625ff5f3afcf6bcb0d)
|
|
Andrew Bartlett
(This used to be commit 2bf6edf78b64335bf10c10c893d6e8fa0fac708b)
|
|
need for a manual strdup() too...
(This used to be commit 71452365c8d9aa3d06b64716636a32bfebd3d4f8)
|
|
again, and has added 'net rpc trustdom list' support.
This lists the trusted and trusting domains of a remote PDC.
I've applied these almost directly, just fixing some special
case code for when there are *no* trusting domains. We still
have some parse errors in this case however.
Andrew Bartlett.
From mimir's e-mail:
Here are another patches adding trust relationship features.
More details:
Better error reporting in cli_lsa_enum_trust_dom().
Implementation of cli_samr_enum_dom_users() which cli_samr.c
lacked.
More "consts" -- one of arguments in net_find_dc().
Modified implementation of run_rpc_command() -- now it
allows to reuse already opened connection (if it is passed)
to remote server's IPC$ (e.g. as part of longer exchange
of rpc calls). I'm sure Andrew will argue ;-)
More neat version of rpc_trustdom_list() function.
(This used to be commit f0890026820ee3e432147130b46de4610e583381)
|
|
patches:
Andrew Bartlett
From his e-mail:
Below I attach the following patches as a result of my work
on trusted domains support:
1) srv_samr_nt.c.diff
This fixes a bug which caused to return null string as
the first entry of enumerated accounts list (no matter what
entry, it was always null string and rid) and possibly
spoiled further names, depeding on their length.
I found that while testing my 'net rpc trustdom list'
against nt servers and samba server.
2) libsmb.diff
Now, fallback to anonymous connection works correctly.
3) smbpasswd.c.diff
Just a little fix which actually allows one to create
a trusting domain account using smbpasswd
4) typos.diff
As the name suggests, it's just a few typos fix :)
(This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
|
|
Update account_pol.c to use just uint32, rather then uint32 for paramaters,
int32 for storage. (The int32 functions didn't have seperate return/status
values, uint32 functions use a pointer-paramater).
Move the #define -> string from a swtich to a table, so we can look it up
both ways.
Andrew Bartlett
(This used to be commit c5b5e3d653f5c38a283d901a409be6603d5103f7)
|
|
(This used to be commit fe229cc126a4bfdce12882ac7eaa893e00cd506e)
|
|
Andrew Bartlett
(This used to be commit 21b0e8f560849be77bde463cf006ea0de54211e9)
|
|
(This used to be commit 897cc4a610932e596f8a9807213166e380ef0203)
|
|
as they're no longer new!
(This used to be commit 277f6bbb9a63541a473a80a7994e9bde5c6f22dc)
|
|
(This used to be commit 508106285380b772850238a8ed6b78a2c3334887)
|
|
(and yes, some of these are real bugs)
In particular, the samr code was doing an &foo of various types, to a function
that assumed uint32. If time_t isn't 32 bits long, that broke.
They are assignment compatible however, so use that and an intermediate
variable.
Andrew Bartlett
(This used to be commit 30d0998c8c1a1d4de38ef0fbc83c2b763e05a3e6)
|
|
Andrew Bartlett
(This used to be commit 860f5b1a0c1898f1ce380d249610eeaaeb43b9e0)
|
|
distinction between uchar and char).
Lots of const etc.
Andrew Bartlett
(This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
|
|
I think this one is due to metze.
Andrew Bartlett
(This used to be commit bce3a2b1d893d83f701205d7969569571f6279b0)
|
|
Andrew Bartlett
(This used to be commit b5ec92d7a2e5ba33b641267d2319d101d70a0d9a)
|
|
(This used to be commit 39e11ef5b1090e51c6c447c8037a43b52e04b881)
|
|
this also gives a way to distinguish a 'native mode' server from a
non-native server. This call will fail for a native mode server.
(This used to be commit a7663428e05bdd41a1975d0db9be6537b7238b95)
|
|
the current machine account and password. This is useful both for
diagnostics and domain leave.
(This used to be commit 73b246981fd5b27cc1d835946b89e82f5b78f332)
|
|
Allow connection in the form of //server/share instead of just \\server\share
and show the reason for failure from cli_full_connection().
Andrew Bartlett
(This used to be commit 4687fac69d995e49a0f3701fb170d64af1ba4a47)
|
|
these errors happen all the time, so they shouldn't be level 0
(This used to be commit abc2aed26c6cb12a86987a3846ca5c9f7df9a5ae)
|
|
Now let's keep this in sync !
Jeremy.
(This used to be commit 3603cd4947df2c10df604447dc542932cb9e5d5a)
|
|
accept an extended syntax for 'wins server' like this:
wins server = group1:192.168.2.10 group2:192.168.3.99 group1:192.168.0.1
The tags before the IPs don't mean anything, they are just a way of
grouping IPs together. If you use the old syntax (ie. no ':') then
an implicit group name of '*' is used. In general I'd recommend people
use interface names for the group names, but it doesn't matter much.
When we register in nmbd we try to register all our IPs with each group
of WINS servers. We keep trying until all of them are registered with
every group, falling back to the failover WINS servers for each group
as we go.
When we do a WINS lookup we try each of the WINS servers for each group.
If a WINS server for a group gives a negative answer then we give up
on that group and move to the next group. If it times out then
we move to the next failover wins server in the group.
In either case, if a WINS server doesn't respond then we mark it dead
for 10 minutes, to prevent lengthy waits for dead servers.
(This used to be commit e125f06058b6b51382cf046b1dbb30728b8aeda5)
|
|
few more places to use it.
Andrew Bartlett
(This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
|
|
(This used to be commit 7f81e423d2fcfd3a97920d1c5f50d9020355428b)
|
|
Now smbclient, net, and swat use their own proto files - now the global
proto.h
The change to libads/kerberos.c was to break up the dependency on secrets.c -
we want to be able to write an ADS client that doesn't need local secrets.
I have other breakups in the works - I will remove the dependency of
rpc_parse on passdb (and therefore secrets.c) shortly.
(NOTE: This patch does *not* break up includes.h, or other such forbidden
actions).
Andrew Bartlett
(This used to be commit edb41dad2df0ae3db364dbc3896cc75956262edf)
|
|
though it is up to the calling function to decide whether values are
strings or not. Attributes are not converted at this point, though support
for it would be simple.
I have tested it with users and groups using non-ascii chars, and if the
check for alphanumeric user/domain names is removed form sesssetup.c, even
a user with accented chars can connect, or even login (via winbind).
I have also simplified the interfaces to ads_mod_*, though we will probably
want to expand this by a few functions in the near future. We just had
too many ways to do the same thing...
(This used to be commit f924cb53580bc081ff34e45abba57629018c68d6)
|
|
Replaced with "unsigned int".
Jeremy.
(This used to be commit 5841ca54b6a8c36f3d76c12570ff8f2211ed2363)
|