summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2012-05-15s3: Fix Coverity ID 242710 Untrusted pointer readVolker Lendecke1-1/+1
According to susv3 we have to make sure that we call isupper with values only in the range of an unsigned char. This is best achieved by automatic narrowing through assignment.
2012-05-15s3-auth: remove "security=server" (depricated since 3.6)Stefan Metzmacher1-4/+2
"security=server" has a lot of problems in the world with modern security (ntlmv2 and krb5). It was also not very reliable, as it needed a stable connection to the password server for the lifetime of the whole client connection! Please use "security=domain" or "security=ads" is you authentication against remote servers (domain controllers). metze -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SERVER | | security=server | | | | | | 12 May | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-05-10s3: Fix Coverity ID 242725 Uninitialized scalar variableVolker Lendecke1-0/+1
Not a functional bug, but we copy all of the "key" structure inside dcerpc_winreg_CreateKey.
2012-05-10s3: Fix Coverity ID 242726 Uninitialized scalar variableVolker Lendecke1-1/+1
Not a functional bug, but we copy all of the "key" structure inside dcerpc_winreg_OpenKey.
2012-05-10s3: Fix Coverity ID 242754 Dereference null return valueVolker Lendecke1-1/+1
2012-05-08s3-net: Fix typo in comment.Karolin Seeger1-1/+1
Karolin
2012-04-30net: Let get*sid return error from passdb initChristof Schmitt1-6/+4
When initialize_password_db returns an error this means that the SID stored in the backend cannot be read. Return this error directly instead of creating a random SID through get_global_sam_sid. Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Mon Apr 30 13:07:20 CEST 2012 on sn-devel-104
2012-04-25s3:registry: remove usage of reg_objects from net_rpc_printer.cGregor Beck1-131/+71
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-25s3:eventlogadm make a transaction for addsourceGregor Beck1-1/+14
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-25s3:eventlogadm reimplement addsource using reg_apiGregor Beck1-95/+91
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-24s3: Attempt to fix the build without kerberosVolker Lendecke1-0/+3
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Tue Apr 24 15:04:14 CEST 2012 on sn-devel-104
2012-04-23Make krb5 wrapper library common so they can be used all overSimo Sorce1-1/+3
2012-04-21s3:smbcontrol: remove an unused variableMichael Adam1-4/+0
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Sat Apr 21 00:55:13 CEST 2012 on sn-devel-104
2012-04-20s3:id_cache: do not use the in-memory idmap cache (it is going to be removed)Michael Adam1-6/+3
This also removes the ID_CACHE_FLUSH message.
2012-04-19s3-g_lock: Use dbwrap_record_watch_send/recvVolker Lendecke1-3/+2
This simplifies the g_lock implementation. The new implementation tries to acquire a lock. If that fails due to a lock conflict, wait for the g_lock record to change. Upon change, just try again. The old logic had to cope with pending records and an ugly hack into ctdb itself. As a bonus, we now get a really clean async g_lock_lock_send/recv that can asynchronously wait for a global lock. This would have been almost impossible to do without the dbwrap_record_watch infrastructure.
2012-04-19s3-dbwrap: Add "listwatchers" to dbwrap_toolVolker Lendecke1-9/+62
2012-04-19s3: Fix Coverity ID 2727 to 2740 -- UNINITVolker Lendecke1-7/+12
2012-04-19s3: Fix a "ISO C90 forbids mixed declarations and code"Volker Lendecke1-3/+7
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Thu Apr 19 10:32:27 CEST 2012 on sn-devel-104
2012-04-17s3: Add smbstatus -N to output the notify dbVolker Lendecke1-0/+40
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Tue Apr 17 11:54:35 CEST 2012 on sn-devel-104
2012-04-17s3: Add "notify-cleanup" to smbcontrolVolker Lendecke1-0/+13
This triggers a notify cleanup run which would normally only run periodically
2012-04-06s3-utils: add do_reload_printers command to smbcontolBjörn Baumbach1-0/+14
Add command to force smbd to reload printers by sending MSG_PRINTER_PCAP.
2012-04-05build: Remove SMB_STRUCT_DIR defineAndrew Bartlett1-3/+3
2012-04-05build: Remove SMB_STRUCT_DIRENT defineAndrew Bartlett1-2/+2
2012-04-05build: Remove sys_closedir wrapperAndrew Bartlett1-7/+7
2012-04-05build: Remove sys_readdir wrapperAndrew Bartlett1-2/+2
2012-04-05build: Remove sys_opendir wrapperAndrew Bartlett1-3/+3
2012-04-05build: Remove sys_open wrapperAndrew Bartlett1-2/+2
2012-04-03s3-ntlm_auth: use manage_gensec_request for squid-2.5-ntlmsspAndrew Bartlett1-178/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-03s3-auth: Order GENSEC mechs by priority, krb5 before NTLMSSPAndrew Bartlett1-2/+3
Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client) will not select krb5. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-03s3-ntlm_auth: add ntlm_auth_generate_session_info_pac()Andrew Bartlett1-0/+144
Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-03s3-ntlm_auth Use GENSEC for gss-spnego serverAndrew Bartlett1-404/+390
This imports the gensec handling code from the source4 ntlm_auth, which will eventually be used for all the NTLMSSP and SPNEGO clients and servers but which is only used for gss-spnego for now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-03-30More strlcat/strlcpy truncate checks.Jeremy Allison1-3/+9
2012-03-24use usleep rather than sys_usleep in various places, in anticipation of ↵Jelmer Vernooij2-2/+2
usleep moving to libreplace.
2012-03-15s3-krb5: Remove GSS_WRAP_IOV conditionalAndrew Bartlett1-1/+1
We already confirm that we have this functionality before we set HAVE_KRB5 at configure time. Andrew Bartlett
2012-03-10s3: fix build on AIXBjörn Jacke1-1/+2
Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Sat Mar 10 19:07:20 CET 2012 on sn-devel-104
2012-03-04s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett1-4/+0
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04s3: print a nice warning when HAVE_ADS is not enabled but you still try to ↵Matthieu Patou1-0/+5
do net rpc keytab vampire
2012-03-01s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnegoAndrew Bartlett1-16/+5
The SPNEGO code changed since this was last tested. Andrew Bartlett
2012-03-01s3-ntlm_auth: Wrap kerberos token in GSSAPIAndrew Bartlett1-2/+6
While windows will accept this ticket without the wrapping, it is nicer to follow the standard and wrap it up in GSSAPI. This should allow the ntlm_auth gss-spnego-client to talk to the ntlm_auth gss-spengo server. Reported by Christof Schmitt <christof.schmitt@us.ibm.com> Andrew Bartlett
2012-03-01s3-ntlm_auth: Add --target-service and --target-hostname optionsAndrew Bartlett1-9/+40
This will allow the gss-spnego-client protocol to work with modern SPNEGO servers that do not send the principal in the mechListMIC. Andrew Bartlett
2012-02-24Remove unused function.Jeremy Allison1-21/+0
2012-02-24s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-sideAndrew Bartlett1-99/+327
This uses the common gensec_ntlmssp server code for ntlm_auth, removing the last non-gensec use of the NTLMSSP server. Andrew Bartlett
2012-02-23s3-utils: Remove unused connect_to_ipc_krb5()Andrew Bartlett2-57/+0
Found by callcatcher. Andrew Bartlett
2012-02-20s3-ntlm_auth: allow ntlm_auth --diagnostics to pass againAndrew Bartlett3-8/+12
This still requires that the server permit LM passwords, but our s3dc test environment has this enabled. Andrew Bartlett
2012-02-16Rename obscure defined constants.Christopher R. Hertel (crh)1-2/+2
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types. Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
2012-02-09s3-net: Don't use an internal krb5 for kdc lookup.Andreas Schneider1-19/+23
This replaces the use of the internal krb5_locate_kdc() function with our own get_kdc_list() function. Signed-off-by: Günther Deschner <gd@samba.org>
2012-02-03Only ask for specific permissions required when setting an ACL.Jeremy Allison1-3/+12
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Feb 3 03:07:33 CET 2012 on sn-devel-104
2012-01-31s3:net ads join: remove a useless empty comment blockMichael Adam1-2/+1
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue Jan 31 18:37:45 CET 2012 on sn-devel-104
2012-01-31s3:net ads join: add a comment for the call to _net_ads_join_dns_update()Michael Adam1-0/+5
2012-01-31s3:net ads join: reduce indentation in _net_ads_join_dns_updates()Michael Adam1-46/+47