summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2004-02-19Enable checking/resetting of account lockout and bad password based on policyJim McDonough1-3/+17
(This used to be commit bd2e55399c21707d40199e4b519daefd897aadc7)
2004-02-19Add bad password reset and display of bad password count/timeJim McDonough1-3/+25
(This used to be commit 34fe16e445bd9da762cedb0dd0872959f31ecd67)
2004-02-17Don't try to show groups that could not be listed.Volker Lendecke1-0/+9
Volker (This used to be commit d713e76a24583acaffa0be67838e7629b980ff29)
2004-02-17If there are no alias members, don't ask for their sids :-)Volker Lendecke1-0/+4
Volker (This used to be commit 99f03a641e4fd75c3bafb8bd153687743317a3dc)
2004-02-16Fix success message for net groupmap modifyVolker Lendecke1-1/+1
Volker (This used to be commit 19b30334a7c0f6abde6dfc81550e50aa823117c2)
2004-02-13Fix ETA Calculation when resumingJelmer Vernooij1-1/+1
(This used to be commit a5f09f0991e5a5bd9538211b0d430020052670c8)
2004-02-11fix set/getsampwent iterator in tdbsam to use an allocated listGerald Carter1-2/+4
(This used to be commit 8734d91cd7681219f1389e3c41979028eadbb7fe)
2004-02-11BUG 1055; patch from SATOH Fumiyasu <fumiya@miraclelinux.com>; formatting ↵Gerald Carter2-5/+6
fixes for 'net share' (This used to be commit 44db163b3001d8dc50b64bac7fd12be1147e14b7)
2004-02-09Expand 'net rpc group members' to local groups.Volker Lendecke1-49/+175
Volker (This used to be commit 90fabe6ec004ab95739100b6cd5b7cbd87e67e24)
2004-02-08Make it possible to 'net rpc samdump' of any domain you are currently joinedAndrew Bartlett3-89/+116
to, despite any smb.conf settings. Work to allow the same for 'net rpc vampire', but instead give a clear error message on what is incorrect. Andrew Bartlett (This used to be commit 6b629344c5a4061d6052fa91f8429b337bab95fb)
2004-02-08Add some help for 'net rpc password'.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 4c7d6b9be393f1f5697afe0671f15651ac6282f3)
2004-02-08Make more functions static, and remove duplication in the use of functionsAndrew Bartlett2-7/+7
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). Andrew Bartlett (This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
2004-02-08Make this table static const.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 0686bc9e076c722e33dd9b236cf7c33d448c3b34)
2004-02-07I should have done this years ago...Andrew Bartlett1-0/+131
This adds the very simple 'admin set password' capability to 'net rpc', much as we have it for 'net ads'. Andrew Bartlett (This used to be commit ced7fb55276f3d21d69b85b40d3f64c5e790bcc9)
2004-02-04This should be the correct fix for the lack of a prototype forAndrew Bartlett1-6/+0
remote_password_change(). Sorry for the original bug. Andrew Bartlett (This used to be commit 955436a6f6d7c2f580b2c4e1edbb7ee2fe5df858)
2004-02-02fix problems with proto.hGerald Carter1-1/+1
(This used to be commit 5a32f9568f128374df98491b43e6f5b299cb656c)
2004-02-02remerge andrew's cracklib patch from HEAD and fix a compile warningsGerald Carter1-0/+7
(This used to be commit b60f6ec30d05e4e5bba9934a416ddc8bc089824f)
2004-01-29more initialization fixesGerald Carter1-0/+41
(This used to be commit 9e590d603547ef1e8388bea66eb5d44e4dfd6412)
2004-01-26This adds client-side support for the unicode/SAMR password change scheme.Andrew Bartlett2-15/+2
As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
2004-01-21Fix compiler warningVolker Lendecke1-0/+2
(This used to be commit 413ed77142377351a0ed1c6cf800a14809e56e9c)
2004-01-21Display some nicer error messages for login via 'net'. I don'tVolker Lendecke1-0/+8
see a reason why we have so many special cases and not simply use nt_errstr(nt_status). Comments? Volker (This used to be commit ea1a5fb30357f4fe70139ff5583d09cef9fdaa62)
2004-01-16Fix another join problem. Don't use a TALLOC_CTX before it has beenJim McDonough1-4/+25
initialized. Also split out the oldstyle join into a new fn, allowing us to call it with no failure message from net rpc join, but displaying a failure message when used with net rpc oldjoin. (This used to be commit 07d6ed4343d7a2575dc974bfbc498b14784b2dc1)
2004-01-15Fix net rpc join (at least newstyle) after it was broken by changingJim McDonough1-5/+5
the parms to cli_lsa_query_info_policy without changing them here... (This used to be commit a885df7635a9230bc6cca88e7e8fb1420c74c7fb)
2004-01-12fixing compile problems due to my recent ads.h changesGerald Carter1-1/+1
(This used to be commit d7b6298b9e4e7f83deaa2c6f3d711c390ff9cefd)
2004-01-08This merges in my 'always use ADS' patch. Tested on a mix of NT and ADSAndrew Bartlett2-31/+24
domains, this patch ensures that we always use the ADS backend when security=ADS, and the remote server is capable. The routines used for this behaviour have been upgraded to modern Samba codeing standards. This is a change in behaviour for mixed mode domains, and if the trusted domain cannot be reached with our current krb5.conf file, we will show that domain as disconnected. This is in line with existing behaviour for native mode domains, and for our primary domain. As a consequence of testing this patch, I found that our kerberos error handling was well below par - we would often throw away useful error values. These changes move more routines to ADS_STATUS to return kerberos errors. Also found when valgrinding the setup, fix a few memory leaks. While sniffing the resultant connections, I noticed we would query our list of trusted domains twice - so I have reworked some of the code to avoid that. Andrew Bartlett (This used to be commit 7c34de8096b86d2869e7177420fe129bd0c7541d)
2004-01-07Add smbget utility, a simple wget-like utility that uses libsmbclient.Jelmer Vernooij1-0/+574
Supports recursive downloads and resume, progress indication and shows estimated time remaining. (This used to be commit 82bd1b45a4205706b57bae42c7b03974f8b44753)
2004-01-06Fix -s option to smbcontrol (#908)Jelmer Vernooij1-1/+1
(This used to be commit 7495395c1cc3b09b27d6eeb7dff6f214701d03d6)
2004-01-06Patch based on work from James Peach <jpeach@sgi.com> to convert over toJeremy Allison1-0/+6
using pread/pwrite. Modified a little to ensure fsp->pos is correct. Fix for #889. Jeremy. (This used to be commit 019aaaf0df091c3f67048f591e70d4353a02bb9b)
2004-01-02JHT came up with a nasty (broken) torture case in preparing examples forAndrew Bartlett2-5/+4
his book. This prompted me to look at the code that reads the unix group list. This code did a lot of name -> uid -> name -> sid translations, which caused problems. Instead, we now do just name->sid I also cleaned up some interfaces, and client tools. Andrew Bartlett (This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0)
2003-12-30Get the DOMAIN\username around the right way (I had username\domain...)Andrew Bartlett1-1/+3
Push the unix username into utf8 for it's trip across the socket. Andrew Bartlett (This used to be commit 3225f262b18bdcf326d3bfd031dac169bd9347c9)
2003-12-30Try to gain a bit more consistancy in the output of usernames from ntlm_auth:Andrew Bartlett1-11/+23
Instead of returning a name in DOMAIN\user format, we now return it in the same way that nsswtich does - following the rules of 'winbind use default domain', in the correct case and with the correct seperator. This should help sites who are using Squid or the new SASL code I'm working on, to match back to their unix usernames. Andrew Bartlett (This used to be commit 7a3a5a63612b2698a39f784859496c395505a79b)
2003-12-30Make the name of the NTLMSSP client more consistant before we lock it in stone.Andrew Bartlett1-2/+2
(This used to be commit 0fa268863b7352343eb7f211181a02f60848bd0c)
2003-12-30Remove testing hackAndrew Bartlett1-2/+0
(This used to be commit 96f3beb462a6d4a489e894c1f05c528107135b3a)
2003-12-30Move our basic password checking code from inside the authenticationAndrew Bartlett1-54/+254
subsystem into a seperate file - ntlm_check.c. This allows us to call these routines from ntlm_auth. The purpose of this exercise is to allow ntlm_auth (when operating as an NTLMSSP server) to avoid talking to winbind. This should allow for easier debugging. ntlm_auth itself has been reorgainised, so as to share more code between the SPNEGO-wrapped and 'raw' NTLMSSP modes. A new 'client' NTLMSSP mode has been added, for use with a Cyrus-SASL module I am writing (based on vl's work) Andrew Bartlett (This used to be commit 48315e8fd227978e0161be293ad4411b45e3ea5b)
2003-12-30Refactor our authentication and authentication testing code.Andrew Bartlett1-342/+181
The next move will be to remove our password checking code from the SAM authentication backend, and into a file where other parts of samba can use it. The ntlm_auth changes provide for better use of common code. Andrew Bartlett (This used to be commit 2375abfa0077a884248c84614d5109f57dfdf5b1)
2003-12-26Collecting some minor patches...Volker Lendecke1-8/+10
This adds the ability to specify the new user password for 'net ads password' on the command line. As this needs the admin password on the command line, the information leak is minimally more. Patch from gd@suse.de Volker (This used to be commit e6b4b956f68bfea69b2de3608b4c829250d24a7a)
2003-12-24Thanks to Serassio Guido for noticing issues in our Squid NTLMSSPAndrew Bartlett1-4/+9
implementation. We were not resetting the NTLMSSP state for new negotiate packets. Andrew Bartlett (This used to be commit e0a026c9b561893e5534923b18ca748e6177090e)
2003-12-01In the brief 'net rpc group' listing, don't cut off group names at 21 chars.Volker Lendecke1-3/+3
Volker (This used to be commit 5d0b8280f6c4990ee3a26c310efebfa859ee21be)
2003-12-01Beautify the net status help message a bitVolker Lendecke1-4/+4
Volker (This used to be commit e9391e206a8cdbcc08597a33b557b86f9a5d73ce)
2003-12-01I needed a decently parseable format of smbstatus. Looking at smbstatus codeVolker Lendecke3-0/+268
tells me that this should not be expanded, so I implemented net status [sessions|shares] [parseable] Volker (This used to be commit 63d877c6b4786dcddf5f389842f798857be282c0)
2003-11-28Implement 'net rpc group list [global|local|builtin]*' for a select listing ofVolker Lendecke2-0/+36
the respective user databases. Volker (This used to be commit 39e4ee0c5be9f8d5a26b03ae17865b8e576b0b62)
2003-11-27Fix for pdbedit error code returns (sorry, forgot who sent in the patch).Jeremy Allison1-2/+11
Jeremy. (This used to be commit 685097bc50a8ef387c5082401858d482329c37bc)
2003-11-27Only ask for 512 names at a time.Volker Lendecke1-8/+19
Volker (This used to be commit d5775b7106dc5d6326db89f7369d2ffd61646426)
2003-11-26Implement "net rpc group members": Get members of a domain group inVolker Lendecke2-0/+89
human-readable format. Volker (This used to be commit 4e3a2eb8e04c3a669d94e38d81e994606fa6ef9d)
2003-11-26Get rid of a const warningVolker Lendecke1-2/+2
Volker (This used to be commit 94860687c535ace0c962ca3fe7da59df05325c62)
2003-11-22Add support for variable-length session keys in our client code.Andrew Bartlett2-5/+5
This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. (server-side support to follow shortly) Andrew Bartlett (This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-72/+112
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-11-12show locked files for -u <user>; bug 590Gerald Carter1-10/+41
(This used to be commit d72d77c42741714f2e32d0e24e706929242f1c62)
2003-11-06Final round of printf warnings fixes for the moment.Tim Potter3-4/+5
(This used to be commit 0519a7022b4979c0e8ddd4907f4b858a59299c06)
2003-10-24Add shutdown abort try over initshutdown pipe first, then fall back toJim McDonough1-4/+49
winreg pipe if it doesn't work. Fixes bug #534. I will go back and add the same logic for the shutdown itself, even though that works so far against win2k (haven't tested all win clients). (This used to be commit e660b04e8f2446bb8a6590e9afcb5ab49f90a701)
generated by cgit (git 2.34.1) at 2024-09-09 11:01:09 +0000