summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2002-08-06fixed 'net ads chostpass' for new ads structuresAndrew Tridgell1-1/+11
(This used to be commit 3b0e60e522b669bad77e70d9c6f484a08ff84612)
2002-08-05added 'net rpc testjoin' and 'net ads testjoin' commandsAndrew Tridgell3-20/+125
unfortuately we don't seem to be able to auto-test the ADS join due to a rather nasty property of the GSSAPI library. (This used to be commit 87c34a974a91e940bd26078a68dd84f4341d6913)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell3-31/+63
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-08-04passwords where not checked (you cannot check if the same buffer differs ↵Simo Sorce1-6/+18
from itself). they where alo not clean after use! Simo. (This used to be commit 5a257096e9afdcd1dea863dff43952457a74a9f1)
2002-08-02Merge of print notify fixes from APPLIANCE_HEAD.Tim Potter1-0/+17
(This used to be commit 7bf9ca6ca36fa319a57eab05567d49a003237bb5)
2002-07-31fixed a net crash bug if we can't find a DC in a 'net rpc' commandAndrew Tridgell1-0/+4
(This used to be commit ced5dc4e05badfb07cbae7a2880825b9bad4e68d)
2002-07-31make sure that 'net ads info' gives info on the server we specify, notAndrew Tridgell1-0/+4
our smb.conf setup. (This used to be commit cffa881092e48db10a712575a8671f695e8ef813)
2002-07-30net ads info now reports the IP of the LDAP server as well as its name - ↵Andrew Tridgell1-0/+1
very useful in scripts (This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
2002-07-29Use common popt definition for -d option.Tim Potter2-3/+2
(This used to be commit 8c17904848a6206ab35652625ff5f3afcf6bcb0d)
2002-07-28Add the ability to set account policies too.Andrew Bartlett1-7/+25
Andrew Bartlett (This used to be commit 2bf6edf78b64335bf10c10c893d6e8fa0fac708b)
2002-07-28Clean this code up a little. If it's alrady asprintf()ed, I see noAndrew Bartlett1-2/+3
need for a manual strdup() too... (This used to be commit 71452365c8d9aa3d06b64716636a32bfebd3d4f8)
2002-07-27Rafal 'Mimir' Szczesniak <mimir@diament.ists.pwr.wroc.pl> has been busyAndrew Bartlett2-54/+307
again, and has added 'net rpc trustdom list' support. This lists the trusted and trusting domains of a remote PDC. I've applied these almost directly, just fixing some special case code for when there are *no* trusting domains. We still have some parse errors in this case however. Andrew Bartlett. From mimir's e-mail: Here are another patches adding trust relationship features. More details: Better error reporting in cli_lsa_enum_trust_dom(). Implementation of cli_samr_enum_dom_users() which cli_samr.c lacked. More "consts" -- one of arguments in net_find_dc(). Modified implementation of run_rpc_command() -- now it allows to reuse already opened connection (if it is passed) to remote server's IPC$ (e.g. as part of longer exchange of rpc calls). I'm sure Andrew will argue ;-) More neat version of rpc_trustdom_list() function. (This used to be commit f0890026820ee3e432147130b46de4610e583381)
2002-07-26Mimir has been busy with patches again, and sent in the followingAndrew Bartlett1-2/+4
patches: Andrew Bartlett From his e-mail: Below I attach the following patches as a result of my work on trusted domains support: 1) srv_samr_nt.c.diff This fixes a bug which caused to return null string as the first entry of enumerated accounts list (no matter what entry, it was always null string and rid) and possibly spoiled further names, depeding on their length. I found that while testing my 'net rpc trustdom list' against nt servers and samba server. 2) libsmb.diff Now, fallback to anonymous connection works correctly. 3) smbpasswd.c.diff Just a little fix which actually allows one to create a trusting domain account using smbpasswd 4) typos.diff As the name suggests, it's just a few typos fix :) (This used to be commit 888d595fab4f6b28318b743f47378cb7ca35d479)
2002-07-24Make it possible to query account policy values from pdbedit (set to come soon).Andrew Bartlett1-11/+29
Update account_pol.c to use just uint32, rather then uint32 for paramaters, int32 for storage. (The int32 functions didn't have seperate return/status values, uint32 functions use a pointer-paramater). Move the #define -> string from a swtich to a table, so we can look it up both ways. Andrew Bartlett (This used to be commit c5b5e3d653f5c38a283d901a409be6603d5103f7)
2002-07-21Fix up dir drive call.Tim Potter1-1/+1
(This used to be commit fe229cc126a4bfdce12882ac7eaa893e00cd506e)
2002-07-21More cleanups, and add a comment/hint not to clean somthing up in future :-)Andrew Bartlett1-8/+0
Andrew Bartlett (This used to be commit 21b0e8f560849be77bde463cf006ea0de54211e9)
2002-07-21Another smattering of static and constAndrew Bartlett3-3/+3
(This used to be commit 897cc4a610932e596f8a9807213166e380ef0203)
2002-07-21Renamed all the new_cli_netlogon_* functions to cli_netlogon_*Tim Potter1-1/+1
as they're no longer new! (This used to be commit 277f6bbb9a63541a473a80a7994e9bde5c6f22dc)
2002-07-20Oops, my bad. I forgot to assign this, so lookupnames wasn't doing much :-)Andrew Bartlett1-0/+1
(This used to be commit 508106285380b772850238a8ed6b78a2c3334887)
2002-07-20More fixes towards warnings on the IRIX compilerAndrew Bartlett1-3/+5
(and yes, some of these are real bugs) In particular, the samr code was doing an &foo of various types, to a function that assumed uint32. If time_t isn't 32 bits long, that broke. They are assignment compatible however, so use that and an intermediate variable. Andrew Bartlett (This used to be commit 30d0998c8c1a1d4de38ef0fbc83c2b763e05a3e6)
2002-07-20correctly declare global_myworkgroup to be the right size.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 860f5b1a0c1898f1ce380d249610eeaaeb43b9e0)
2002-07-20Try to fix up warnings - particularly on the IRIX 64 bit compiler (which had aAndrew Bartlett2-5/+6
distinction between uchar and char). Lots of const etc. Andrew Bartlett (This used to be commit 8196ee908e10db2119e480fe1b0a71b31a16febc)
2002-07-20Update the usage for smbgroupedit to document -d for 'description'.Andrew Bartlett1-0/+2
I think this one is due to metze. Andrew Bartlett (This used to be commit bce3a2b1d893d83f701205d7969569571f6279b0)
2002-07-14Show the account flags in the 'verbose' listing of pdbedit.Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit b5ec92d7a2e5ba33b641267d2319d101d70a0d9a)
2002-07-14move opt_machine_pass to keep some compilers happyAndrew Tridgell1-1/+1
(This used to be commit 39e11ef5b1090e51c6c447c8037a43b52e04b881)
2002-07-13added useful 'net rpc info' commandAndrew Tridgell1-0/+76
this also gives a way to distinguish a 'native mode' server from a non-native server. This call will fail for a native mode server. (This used to be commit a7663428e05bdd41a1975d0db9be6537b7238b95)
2002-07-13added --machine-pass option to net. This allows you to authenticate asAndrew Tridgell1-1/+21
the current machine account and password. This is useful both for diagnostics and domain leave. (This used to be commit 73b246981fd5b27cc1d835946b89e82f5b78f332)
2002-07-13This makes smbcacls a bit easier to use and debug.Andrew Bartlett1-8/+15
Allow connection in the form of //server/share instead of just \\server\share and show the reason for failure from cli_full_connection(). Andrew Bartlett (This used to be commit 4687fac69d995e49a0f3701fb170d64af1ba4a47)
2002-06-28make net join a bit less verboseAndrew Tridgell1-1/+1
these errors happen all the time, so they shouldn't be level 0 (This used to be commit abc2aed26c6cb12a86987a3846ca5c9f7df9a5ae)
2002-06-28Proper merge of all the working printing stuff from APPLIANCE_HEAD.Jeremy Allison1-14/+96
Now let's keep this in sync ! Jeremy. (This used to be commit 3603cd4947df2c10df604447dc542932cb9e5d5a)
2002-06-26This commit finally gives us multiple wins server groups. We nowAndrew Tridgell1-2/+2
accept an extended syntax for 'wins server' like this: wins server = group1:192.168.2.10 group2:192.168.3.99 group1:192.168.0.1 The tags before the IPs don't mean anything, they are just a way of grouping IPs together. If you use the old syntax (ie. no ':') then an implicit group name of '*' is used. In general I'd recommend people use interface names for the group names, but it doesn't matter much. When we register in nmbd we try to register all our IPs with each group of WINS servers. We keep trying until all of them are registered with every group, falling back to the failover WINS servers for each group as we go. When we do a WINS lookup we try each of the WINS servers for each group. If a WINS server for a group gives a negative answer then we give up on that group and move to the next group. If it times out then we move to the next failover wins server in the group. In either case, if a WINS server doesn't respond then we mark it dead for 10 minutes, to prevent lengthy waits for dead servers. (This used to be commit e125f06058b6b51382cf046b1dbb30728b8aeda5)
2002-06-25Update cli_full_connection() to take a 'flags' paramater, and try to get aAndrew Bartlett3-73/+18
few more places to use it. Andrew Bartlett (This used to be commit 23689b0746d5ab030d8693abf71dd2e80ec1d7c7)
2002-06-25Add a .cvsignore fileAndrew Bartlett1-0/+1
(This used to be commit 7f81e423d2fcfd3a97920d1c5f50d9020355428b)
2002-06-25Break up samba's object dependencies, and its prototype includes.Andrew Bartlett2-0/+3
Now smbclient, net, and swat use their own proto files - now the global proto.h The change to libads/kerberos.c was to break up the dependency on secrets.c - we want to be able to write an ADS client that doesn't need local secrets. I have other breakups in the works - I will remove the dependency of rpc_parse on passdb (and therefore secrets.c) shortly. (NOTE: This patch does *not* break up includes.h, or other such forbidden actions). Andrew Bartlett (This used to be commit edb41dad2df0ae3db364dbc3896cc75956262edf)
2002-06-24Support utf8 on the wire for ads ldap. DN's are converted, as well as strings,Jim McDonough1-10/+20
though it is up to the calling function to decide whether values are strings or not. Attributes are not converted at this point, though support for it would be simple. I have tested it with users and groups using non-ascii chars, and if the check for alphanumeric user/domain names is removed form sesssetup.c, even a user with accented chars can connect, or even login (via winbind). I have also simplified the interfaces to ads_mod_*, though we will probably want to expand this by a few functions in the near future. We just had too many ways to do the same thing... (This used to be commit f924cb53580bc081ff34e45abba57629018c68d6)
2002-06-21Don't use uint. It doesn't exist on some platforms and we don't define it.Jeremy Allison1-1/+1
Replaced with "unsigned int". Jeremy. (This used to be commit 5841ca54b6a8c36f3d76c12570ff8f2211ed2363)
2002-06-16Cope with the requirement for constant initialisers on some unix C compilers.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 11b6d283d3c1408c89b03918f3a0c034411f5966)
2002-06-14Kill useless castAndrew Bartlett1-2/+2
(This used to be commit e2f9dd8b65063a276569d9c33aaf06606003b85c)
2002-06-14Patch from ctrlsoft to make the pluggable passdb subsystem use an lp_listAndrew Bartlett1-10/+12
rather than a string when configuring mulitple backends. Also adjust some of the users of get_global_sam_sid() to cope with the fact that it just might not exist (uninitialised, can't access secrets.tdb). More places need conversion. Add some const and remove silly casts. Andrew Bartlett (This used to be commit c264bf2ec93037d2a9927c00295fa60c88b7219d)
2002-06-14Patch (from ctrlsoft <jelmer@nl.linux.org>) to poptify testparm, and theAndrew Bartlett1-151/+120
modifications required to suppress the const warnings. Andrew Bartlett (This used to be commit ec4f1e9e2f6c162a475b424d63b9802387ad905e)
2002-06-13Latest patch from metze <metze@metzemix.de> to move most of samba acrossAndrew Bartlett1-4/+6
to using SIDs instead of RIDs. The new funciton sid_peek_check_rid() takes an 'expected domain sid' argument. The idea here is to prevent mistakes where the SID is implict, but isn't the same one that we have in the struct. Andrew Bartlett (This used to be commit 04f9a8ff4c7982f6597c0f6748f85d66d4784901)
2002-06-07Globally replace 'global_sam_sid' with get_global_sam_sid(), a selfAndrew Bartlett1-2/+1
initialising function. This patch thanks to the work of "Stefan (metze) Metzmacher" <metze@metzemix.de> This is partly to enable the transition to SIDs in the the passdb. Andrew Bartlett (This used to be commit 96afea638e15d4cbadc57023a511094a770c6adc)
2002-06-03added a 'net ads search' command, similar to 'ldapsearch' but using theAndrew Tridgell1-7/+70
Samba LDAP code. I have found using 'ldapsearch' rather frustrating, particularly with kerberos authentication. Using 'net ads search' makes it easier to track down ADS problems. (This used to be commit 55cad87424787fc5f140d307888f4c557dc2b345)
2002-06-01Add remainder of net rpc file subcommands, and autoselect transport onJim McDonough3-15/+142
net file (This used to be commit fd938eca210602790c4d0e442f3aa9aa22b5fdf2)
2002-05-31Enable all net rpc share subcommands and autoselect transport.Jim McDonough3-6/+58
(This used to be commit ebd07c3a295e3f8cd46441caac4dc8e8b178c2cc)
2002-05-31Enable net rpc share and net rpc file commands (list subcommands only), andJim McDonough5-53/+271
autoselect for this subcommand when appropriate. (This used to be commit 77418256d3162b41a672a25f7e512999f1193926)
2002-05-24Some of the updates from ctrlsoft's 'Various' patch:Andrew Bartlett3-21/+25
- convert net to popt - convert status to popt - adapt examples/pdb/ to multiple passdb system - add dynamic debug class example to examples/pdb/ and some reformatting to better match the samba coding style. Andrew Bartlett (This used to be commit 2498bc69d4e5c38ec385f640489daa94c508c726)
2002-05-24Remove the password length paramater from cli_full_connection - it reallyAndrew Bartlett2-3/+3
didn't make any sense, and its was always just strlen(password) anyway. This fixes it to be strlen(password)+1 Andrew Bartlett (This used to be commit c205b18bd6b9b69200ff3db55f2c641631d4ab40)
2002-05-23Allow initial password set on net ads user add. I need to do this onJim McDonough1-3/+30
rpc and rap too. Anyone know what key I'm supposed to use to encrypt it for the rap one? (This used to be commit 033faaa8cbfe7e368c554b26e7a506098d06fa02)
2002-05-23Given Jeremy's positive response, and a lack of one from tpot, I'll commitAndrew Bartlett1-76/+39
this: More code cleanup - this lot a bit more dodgy than the last: The aim is to trim pwd_cache down to size. Its overly complex, and a pain to deal with. With a header comment like this: 'obfusticaion is planned' I think it deserved to die (at least partly). This was being done to allow 'cli_establish_connection' to die - its functionality has been replaced by cli_full_connection(), which does not duplicate code everywhere for creating names etc. This also removes the little 'init' fucntions for the various pipes, becouse they were only used in one place, and even then it was dodgy. (I've reworked smbcacls not to use anonymous connections any more, as this will (should) fail with a 'restrict anonymous' PDC). This allowed me to remove cli_pipe_util.c, which was calling cli_establish_connection. tpot: I'm not sure what direction you were going with the client stuff, and you may well have been wanting the init functions. If thats the case, give me a yell and I'll reimplement them against cli_full_connection. Andrew Bartlett (This used to be commit fa67e4626bed623333c571e76e06ccd52cba5cc5)