summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2012-04-30net: Let get*sid return error from passdb initChristof Schmitt1-6/+4
When initialize_password_db returns an error this means that the SID stored in the backend cannot be read. Return this error directly instead of creating a random SID through get_global_sam_sid. Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Mon Apr 30 13:07:20 CEST 2012 on sn-devel-104
2012-04-25s3:registry: remove usage of reg_objects from net_rpc_printer.cGregor Beck1-131/+71
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-25s3:eventlogadm make a transaction for addsourceGregor Beck1-1/+14
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-25s3:eventlogadm reimplement addsource using reg_apiGregor Beck1-95/+91
Signed-off-by: Andreas Schneider <asn@samba.org>
2012-04-24s3: Attempt to fix the build without kerberosVolker Lendecke1-0/+3
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Tue Apr 24 15:04:14 CEST 2012 on sn-devel-104
2012-04-23Make krb5 wrapper library common so they can be used all overSimo Sorce1-1/+3
2012-04-21s3:smbcontrol: remove an unused variableMichael Adam1-4/+0
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Sat Apr 21 00:55:13 CEST 2012 on sn-devel-104
2012-04-20s3:id_cache: do not use the in-memory idmap cache (it is going to be removed)Michael Adam1-6/+3
This also removes the ID_CACHE_FLUSH message.
2012-04-19s3-g_lock: Use dbwrap_record_watch_send/recvVolker Lendecke1-3/+2
This simplifies the g_lock implementation. The new implementation tries to acquire a lock. If that fails due to a lock conflict, wait for the g_lock record to change. Upon change, just try again. The old logic had to cope with pending records and an ugly hack into ctdb itself. As a bonus, we now get a really clean async g_lock_lock_send/recv that can asynchronously wait for a global lock. This would have been almost impossible to do without the dbwrap_record_watch infrastructure.
2012-04-19s3-dbwrap: Add "listwatchers" to dbwrap_toolVolker Lendecke1-9/+62
2012-04-19s3: Fix Coverity ID 2727 to 2740 -- UNINITVolker Lendecke1-7/+12
2012-04-19s3: Fix a "ISO C90 forbids mixed declarations and code"Volker Lendecke1-3/+7
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Thu Apr 19 10:32:27 CEST 2012 on sn-devel-104
2012-04-17s3: Add smbstatus -N to output the notify dbVolker Lendecke1-0/+40
Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Tue Apr 17 11:54:35 CEST 2012 on sn-devel-104
2012-04-17s3: Add "notify-cleanup" to smbcontrolVolker Lendecke1-0/+13
This triggers a notify cleanup run which would normally only run periodically
2012-04-06s3-utils: add do_reload_printers command to smbcontolBjörn Baumbach1-0/+14
Add command to force smbd to reload printers by sending MSG_PRINTER_PCAP.
2012-04-05build: Remove SMB_STRUCT_DIR defineAndrew Bartlett1-3/+3
2012-04-05build: Remove SMB_STRUCT_DIRENT defineAndrew Bartlett1-2/+2
2012-04-05build: Remove sys_closedir wrapperAndrew Bartlett1-7/+7
2012-04-05build: Remove sys_readdir wrapperAndrew Bartlett1-2/+2
2012-04-05build: Remove sys_opendir wrapperAndrew Bartlett1-3/+3
2012-04-05build: Remove sys_open wrapperAndrew Bartlett1-2/+2
2012-04-03s3-ntlm_auth: use manage_gensec_request for squid-2.5-ntlmsspAndrew Bartlett1-178/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-03s3-auth: Order GENSEC mechs by priority, krb5 before NTLMSSPAndrew Bartlett1-2/+3
Otherwise, really simple clients (such as the current ntlm_auth gss-spnego client) will not select krb5. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-03s3-ntlm_auth: add ntlm_auth_generate_session_info_pac()Andrew Bartlett1-0/+144
Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-04-03s3-ntlm_auth Use GENSEC for gss-spnego serverAndrew Bartlett1-404/+390
This imports the gensec handling code from the source4 ntlm_auth, which will eventually be used for all the NTLMSSP and SPNEGO clients and servers but which is only used for gss-spnego for now. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-03-30More strlcat/strlcpy truncate checks.Jeremy Allison1-3/+9
2012-03-24use usleep rather than sys_usleep in various places, in anticipation of ↵Jelmer Vernooij2-2/+2
usleep moving to libreplace.
2012-03-15s3-krb5: Remove GSS_WRAP_IOV conditionalAndrew Bartlett1-1/+1
We already confirm that we have this functionality before we set HAVE_KRB5 at configure time. Andrew Bartlett
2012-03-10s3: fix build on AIXBjörn Jacke1-1/+2
Autobuild-User: Björn Jacke <bj@sernet.de> Autobuild-Date: Sat Mar 10 19:07:20 CET 2012 on sn-devel-104
2012-03-04s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett1-4/+0
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04s3: print a nice warning when HAVE_ADS is not enabled but you still try to ↵Matthieu Patou1-0/+5
do net rpc keytab vampire
2012-03-01s3-ntlm_auth fix up gss-spnego-client so as to work with gss-spnegoAndrew Bartlett1-16/+5
The SPNEGO code changed since this was last tested. Andrew Bartlett
2012-03-01s3-ntlm_auth: Wrap kerberos token in GSSAPIAndrew Bartlett1-2/+6
While windows will accept this ticket without the wrapping, it is nicer to follow the standard and wrap it up in GSSAPI. This should allow the ntlm_auth gss-spnego-client to talk to the ntlm_auth gss-spengo server. Reported by Christof Schmitt <christof.schmitt@us.ibm.com> Andrew Bartlett
2012-03-01s3-ntlm_auth: Add --target-service and --target-hostname optionsAndrew Bartlett1-9/+40
This will allow the gss-spnego-client protocol to work with modern SPNEGO servers that do not send the principal in the mechListMIC. Andrew Bartlett
2012-02-24Remove unused function.Jeremy Allison1-21/+0
2012-02-24s3-ntlm_auth: Convert ntlm_auth to use gensec_ntlmssp server-sideAndrew Bartlett1-99/+327
This uses the common gensec_ntlmssp server code for ntlm_auth, removing the last non-gensec use of the NTLMSSP server. Andrew Bartlett
2012-02-23s3-utils: Remove unused connect_to_ipc_krb5()Andrew Bartlett2-57/+0
Found by callcatcher. Andrew Bartlett
2012-02-20s3-ntlm_auth: allow ntlm_auth --diagnostics to pass againAndrew Bartlett3-8/+12
This still requires that the server permit LM passwords, but our s3dc test environment has this enabled. Andrew Bartlett
2012-02-16Rename obscure defined constants.Christopher R. Hertel (crh)1-2/+2
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT. Also replaced several hard-coded references to the well-known port numbers (139 and 445, respectively) as appropriate. Small changes to clarify some comments regarding the two transport types. Signed-off-by: Simo Sorce <idra@samba.org> Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
2012-02-09s3-net: Don't use an internal krb5 for kdc lookup.Andreas Schneider1-19/+23
This replaces the use of the internal krb5_locate_kdc() function with our own get_kdc_list() function. Signed-off-by: Günther Deschner <gd@samba.org>
2012-02-03Only ask for specific permissions required when setting an ACL.Jeremy Allison1-3/+12
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Feb 3 03:07:33 CET 2012 on sn-devel-104
2012-01-31s3:net ads join: remove a useless empty comment blockMichael Adam1-2/+1
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Tue Jan 31 18:37:45 CET 2012 on sn-devel-104
2012-01-31s3:net ads join: add a comment for the call to _net_ads_join_dns_update()Michael Adam1-0/+5
2012-01-31s3:net ads join: reduce indentation in _net_ads_join_dns_updates()Michael Adam1-46/+47
2012-01-31s3:net ads join: move dns update code out to new function ↵Michael Adam1-77/+84
_net_ads_join_dns_updates()
2012-01-31s3:net ads join: improve comment for dns update blockMichael Adam1-4/+4
2012-01-31s3:net ads join: improve status evaluation for call to net_update_dns()Michael Adam1-2/+5
untangle assignment from check and log error code in message if failed.
2012-01-31s3:net ads join: interpret return code of ads_kinit_password() in dns update ↵Michael Adam1-1/+8
block If failed, print according error message and skip the attempt to do dns update.
2012-01-31s3:net ads join: check for malloc success and react accordingly in dns ↵Michael Adam1-0/+5
update block
2012-01-31s3:net ads join: check for success of fetching machine password in dns ↵Michael Adam1-0/+5
update block log and cleanup accordingly if failed