summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2002-09-24This is a first working version of net rpc vampire. First do a net rpcVolker Lendecke1-12/+264
getsid, then join as a BDC, and then watch net rpc vampire suck out the good stuff out of a PDC :-). It's not perfect, but it does quite a bit for me. Watch out for more. Volker (This used to be commit f0d7ac9feb5844c93789344285b1d66f480209ba)
2002-09-23Update some help. People keep forgetting that!Richard Sharpe1-1/+3
(This used to be commit b53547bf663ed1714326f9b0e74215e012e728af)
2002-09-23Add net getlocalsid [name]Richard Sharpe1-0/+26
(This used to be commit 08c3e2b824cd2c93ca548fa18ea16a18f5b197e5)
2002-09-23Ok, getting a bit more ambitious. Stop me, if this is wrong. ;-)Volker Lendecke1-2/+3
When creating a group you have to take care of the fact that the underlying unix might not like the group name. This change gets around that problem by giving the add group script the chance to invent a group name. It then must only return the newly created numerical gid. Volker (This used to be commit b959419ed38e66a12b63cad3e5fbfa849f952acc)
2002-09-23Cosmetic fix for debug message.Volker Lendecke1-2/+1
(This used to be commit 42774a7753eb8be1ec04bcb5dda089910a1b6d0b)
2002-09-23Add the ability to view/set the current local domain SIDs.Volker Lendecke1-0/+45
Volker (This used to be commit f6ed429838cc0140c0d033875012c7a999891549)
2002-09-22Change parsing of policy and privs delta to what Ethereal says.Volker Lendecke1-3/+1
Volker (This used to be commit 8c41b5cd1b8b0c2639def9552bd20b8aca39785c)
2002-09-18First code for 'net rpc vampire'. We should probably find a moreVolker Lendecke2-1/+279
positive name for this. It creates users and global groups. More to come. Volker (This used to be commit 0c1fadd9e024ef886542d362a7f119968552852d)
2002-09-18Add a synonym for samdump ...Richard Sharpe1-0/+1
(This used to be commit a8dc1464ea2d05eb2a26afdd433cdb6b69002259)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell1-14/+12
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-09-11added gencache implementation from mimir - thanks!Andrew Tridgell3-0/+330
(This used to be commit 05a202c287f5daeb1ccbaf9479aa93e7928e93db)
2002-09-10removing compiler warnings about shadowed globalsGerald Carter1-18/+18
(This used to be commit 6f0561acadd139e37f86e30a2bbf10f428178eaf)
2002-09-06This is the 'easy' parts of the trusted domains patch n+3 patch fromAndrew Bartlett1-0/+8
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl> It includes a conversion of make_user_info*() to NTSTATUS and some minor changes to other files. It also picks up on a nasty segfault that can occour in some security=domain cases. Andrew Bartlett (This used to be commit d1e1fc3e4bf72717b3593685f0ea5750d676952a)
2002-09-06Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de>Andrew Bartlett1-1/+1
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better general infrustructure for his sam_ads work. I've also added some extra failure mode DEBUG()s to parts of the code. NOTE: The ADS_ERR_OK() macro is rather sensitive to braketing issues - without the final set of brakets, the test is essentially inverted - causing some intersting 'error = success' messages... Andrew Bartlett (This used to be commit 5b9a7ab901bc311f3ad08462a8a68d133c34a8b4)
2002-09-01Fix segfault in net commandVolker Lendecke1-1/+1
(This used to be commit 26bee60a419593a5afe4e48614f7f3fc414596a5)
2002-08-30added cli_net_auth_3 client code.Jean-François Micouleau2-2/+5
changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch. pass also the negociation flags all the way. all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient. in the future we will be able to call auth_2 or auth_3 as we want. J.F. (This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e)
2002-08-30convert the LDAP/SASL code to use GSS-SPNEGO if possibleAndrew Tridgell1-0/+4
we now do this: - look for suported SASL mechanisms on the LDAP server - choose GSS-SPNEGO if possible - within GSS-SPNEGO choose KRB5 if we can do a kinit - otherwise use NTLMSSP This change also means that we no longer rely on having a gssapi library to do ADS. todo: - add TLS/SSL support over LDAP - change to using LDAP/SSL for password change in ADS (This used to be commit b04e91f660d3b26d23044075d4a7e707eb41462d)
2002-08-29There's more work to be done on samsync. Intermediate commit, nowVolker Lendecke1-5/+21
I get all the groups at least. Volker (This used to be commit 23a4f6991e93797afad0043689737a1b20c67f60)
2002-08-29show builtin groups in samdumpAndrew Tridgell1-33/+40
(This used to be commit c1e00f5f160985323f5a9ade42f2ebb2a798b17c)
2002-08-28'No news is good news' might sometimes be confusing, at least to me :-)Volker Lendecke1-1/+7
Volker (This used to be commit f76a5431f0448efbc879aee965c643e2e362632a)
2002-08-28Put in intermediate version of new SAM system. It's not stable yet, codeJelmer Vernooij1-1/+1
might be ugly, etc - please don't blame me for anything but instead try to fix the code :-). Compiling of the new sam system can be enabled with the configure option --with-sam Removing passdb/passgrp.c as it's unused fix typo in utils/testparm.c (This used to be commit 4b7de5ee236c043e6169f137992baf09a95c6f2c)
2002-08-27add hook for MSG_PRINTER_DRVUPGRADE that numps the change_id on all printers ↵Gerald Carter1-0/+5
bound to a given driver (This used to be commit e913d508d4f894eb3f0e59b9c28b0fc5b56962ec)
2002-08-22a few minor cleanups in the cldap requestAndrew Tridgell1-2/+26
(This used to be commit 228fc518da0404fe770175d5277fe5f5b08f9c67)
2002-08-22added a 'net rpc samdump' command for dumping the whole sam viaAndrew Tridgell2-0/+163
samsync operations (as a BDC) (This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986)
2002-08-21This is like jht's (abortive) patch for showing only non-default testparmAndrew Bartlett1-4/+6
options. Andrew Bartlett (This used to be commit 4cd822d9e4e5f35a47b0837bfa73c8a457e6cc85)
2002-08-21Patch from Paul Green <Paul.Green@stratus.com> to be more POSIX-compatibleJelmer Vernooij1-0/+6
(This used to be commit addf29e6765393b25c35bd833d29e29e4581c233)
2002-08-21pdbedit needs global_myname to be set in order to display theVolker Lendecke1-1/+12
user SIDs correctly. Volker (This used to be commit 287b7bda11100c42f2cdea36a20a81f6ea397f43)
2002-08-21global_myname is a pstring, not an fstringVolker Lendecke1-1/+1
(This used to be commit 2df34c9bfc76ee832e5005a2ad0ff0b6abb98034)
2002-08-21Add 'net rpc getsid' to fetch the PDC's SID into the local secrets.tdbVolker Lendecke1-1/+55
Print domain SID on 'net rpc info' Volker (This used to be commit 12fd889a3f0e3eeeb27a51cdd7f648a59083f2ba)
2002-08-21just comment typosVolker Lendecke1-15/+15
(This used to be commit 169e784f4829ef356ed6232ace950d43cac1d467)
2002-08-21Fix debug level initialization for net.cVolker Lendecke1-1/+1
Volker (This used to be commit 5af5326f1311a49d3c8316e1dcc27037b831065a)
2002-08-19print out the GUID in the CLDAP replyAndrew Tridgell1-12/+11
(This used to be commit 8aae10bcdc05fca4e0281ac91a7679c60b791534)
2002-08-19we now parse the cldap reply and print its contents. There are aAndrew Tridgell1-4/+82
couple of unknown fields we still need to work out. (This used to be commit 67b4dbd5c9f2665d5e6157b8cd522ebff4b8a4ea)
2002-08-19we now receive and parse the main cldap netlogon reply.Andrew Tridgell1-10/+88
we still need to parse the core of the structure (This used to be commit 6780ae25bf7ca291f612682dec7ee7ff44c24bef)
2002-08-19added a 'net ads lookup' command that does a CLDAP NetLogon query to aAndrew Tridgell2-0/+121
win2000 server. It does seem to work, and win200 sends us a valid reply, but we don't parse it yet. Maybe tomorrow :) (This used to be commit 6352508c54cee333ed7c0e3ebc372be7cd60ed62)
2002-08-15*** empty log message ***Simo Sorce1-87/+175
(This used to be commit cb72eead70509eddaa051571f3eed3c46304b5f8)
2002-08-11Merge some usage info from APPLIANCE_HEAD.Tim Potter1-0/+3
(This used to be commit aa93db5abed75b5c9a032a080c07473fafa53a43)
2002-08-10Fix the %m security bug again - and try to make it harder to reintroduce inAndrew Bartlett1-4/+5
future. This moves us from fstrcpy() and global variables to 'get' and 'set' functions. In particular, the 'set' function sainity-checks the input, in the same way as we always have. Andrew Bartlett (This used to be commit e57a896f06b16fe7e336e1ae63a0c9e4cc75fd36)
2002-08-06fixed 'net ads chostpass' for new ads structuresAndrew Tridgell1-1/+11
(This used to be commit 3b0e60e522b669bad77e70d9c6f484a08ff84612)
2002-08-05added 'net rpc testjoin' and 'net ads testjoin' commandsAndrew Tridgell3-20/+125
unfortuately we don't seem to be able to auto-test the ADS join due to a rather nasty property of the GSSAPI library. (This used to be commit 87c34a974a91e940bd26078a68dd84f4341d6913)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell3-31/+63
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-08-04passwords where not checked (you cannot check if the same buffer differs ↵Simo Sorce1-6/+18
from itself). they where alo not clean after use! Simo. (This used to be commit 5a257096e9afdcd1dea863dff43952457a74a9f1)
2002-08-02Merge of print notify fixes from APPLIANCE_HEAD.Tim Potter1-0/+17
(This used to be commit 7bf9ca6ca36fa319a57eab05567d49a003237bb5)
2002-07-31fixed a net crash bug if we can't find a DC in a 'net rpc' commandAndrew Tridgell1-0/+4
(This used to be commit ced5dc4e05badfb07cbae7a2880825b9bad4e68d)
2002-07-31make sure that 'net ads info' gives info on the server we specify, notAndrew Tridgell1-0/+4
our smb.conf setup. (This used to be commit cffa881092e48db10a712575a8671f695e8ef813)
2002-07-30net ads info now reports the IP of the LDAP server as well as its name - ↵Andrew Tridgell1-0/+1
very useful in scripts (This used to be commit fc0d5479b575c1f495b9251413eed18ec1e37e02)
2002-07-29Use common popt definition for -d option.Tim Potter2-3/+2
(This used to be commit 8c17904848a6206ab35652625ff5f3afcf6bcb0d)
2002-07-28Add the ability to set account policies too.Andrew Bartlett1-7/+25
Andrew Bartlett (This used to be commit 2bf6edf78b64335bf10c10c893d6e8fa0fac708b)
2002-07-28Clean this code up a little. If it's alrady asprintf()ed, I see noAndrew Bartlett1-2/+3
need for a manual strdup() too... (This used to be commit 71452365c8d9aa3d06b64716636a32bfebd3d4f8)
2002-07-27Rafal 'Mimir' Szczesniak <mimir@diament.ists.pwr.wroc.pl> has been busyAndrew Bartlett2-54/+307
again, and has added 'net rpc trustdom list' support. This lists the trusted and trusting domains of a remote PDC. I've applied these almost directly, just fixing some special case code for when there are *no* trusting domains. We still have some parse errors in this case however. Andrew Bartlett. From mimir's e-mail: Here are another patches adding trust relationship features. More details: Better error reporting in cli_lsa_enum_trust_dom(). Implementation of cli_samr_enum_dom_users() which cli_samr.c lacked. More "consts" -- one of arguments in net_find_dc(). Modified implementation of run_rpc_command() -- now it allows to reuse already opened connection (if it is passed) to remote server's IPC$ (e.g. as part of longer exchange of rpc calls). I'm sure Andrew will argue ;-) More neat version of rpc_trustdom_list() function. (This used to be commit f0890026820ee3e432147130b46de4610e583381)