summaryrefslogtreecommitdiff
path: root/source3/utils
AgeCommit message (Collapse)AuthorFilesLines
2003-06-25large change:Gerald Carter3-13/+11
*) consolidates the dc location routines again (dns and netbios) get_dc_list() or get_sorted_dc_list() is the authoritative means of locating DC's again. (also inludes a flag to get_dc_list() to define if this should be a DNS only lookup or not) (however, if you set "name resolve order = hosts wins" you could still get DNS queries for domain name IFF ldap_domain2hostlist() fails. The answer? Fix your DNS setup) *) enabled DOMAIN<0x1c> lookups to be funneled through resolve_hosts resulting in a call to ldap_domain2hostlist() if lp_security() == SEC_ADS *) enables name cache for winbind ADS backend *) enable the negative connection cache for winbind ADS backend *) removes some old dead code *) consolidates some duplicate code *) moves the internal_name_resolve() to use an IP/port pair to deal with SRV RR dns replies. The namecache code also supports the IP:port syntax now as well. *) removes 'ads server' and moves the functionality back into 'password server' (which can support "hostname:port" syntax now but works fine with defaults depending on the value of lp_security()) (This used to be commit d7f7fcda425bef380441509734eca33da943c091)
2003-06-24Fixes from Martin Dorey <mdorey@bluearc.com> to only ask for and changeJeremy Allison1-7/+6
the requested parts of the ACL. Jeremy. (This used to be commit c35a88201c619f0ebbaf38adbd0ec2af77e23981)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-2/+2
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-21(fixing bug in my last commit)Andrew Bartlett1-6/+6
This isn't C++ - start your code *after* all the variables are declared... Andrew Bartlett (This used to be commit b7760faedc2181538ffc325e727808e6df8f943f)
2003-06-21This removes the StrCaseCmp() stuff from 'net idmap' and 'netAndrew Bartlett4-178/+202
groupmap'. The correct way to implement this stuff is via a function table, as exampled in all the other parts of 'net'. This also moves the idmap code into a new file. Volker, is this your code? You might want to put your name on it. Andrew Bartlett (This used to be commit 477f2d9e390bb18d4f08d1cac9c981b73d628c4f)
2003-06-20Fix bug #136. Add message about erroneous empty "passdb backend" parameter.Jim McDonough1-0/+4
(This used to be commit 897125a9dbbd3f921d944e7bb7c5694a130c5173)
2003-06-18Ok, this patch removes the privilege stuff we had in, unused, for some time.Simo Sorce4-44/+13
The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e)
2003-06-16Replace all use of bzero with memset ...Richard Sharpe1-15/+15
(This used to be commit e21aab516b33b01536dd9ea067a16b94a38ff4b1)
2003-06-16This glosses over John's problem at SambaXP 2003. When we want to joinVolker Lendecke1-3/+17
a NT4 domain as a BDC with an existing workstation account (existing bdc is fine), we fail. Print a friendly error message in this case. The correct solution would probably be to delete the account and try again. But even this makes us better than NT: NT4 fails in this situation with an empty warning message box and an unusable BDC. It has unsuccessfully tried to suck down the domain database, and thus has no administrator account to log in after reboot.... Volker (This used to be commit 1ddeea2179b11cedccf205c7ffea523ee6750b24)
2003-06-16Fix misleading debug message.Volker Lendecke1-1/+1
Volker (This used to be commit a4f76f2520515d820eb4a320036b998c88c596a8)
2003-06-16Make net rpc vampire return an error if the sam sync RPC returns an error.Tim Potter1-9/+29
E.g if we are pointing at a win2k native mode domain we are returned an NT_STATUS_NOT_SUPPORTED error. (This used to be commit 6053c30f26cdf60f2bbfa6fb58ced6f7bcbd2e83)
2003-06-16another improved debug statementAndrew Tridgell1-1/+1
(This used to be commit ac69b9c83cde306f89143fe43038adff876dd0b0)
2003-06-14Add 'net idmap restore'. This restores a broken idmap fileVolker Lendecke2-0/+73
from the output of 'net idmap dump'. 'net idmap dump' now also prints the USER/GROUP HWM. Volker (This used to be commit c0575be936572bb091a77c58361bd3a4fe9549ff)
2003-06-14This patch modifies 'net rpc vampire' to add new and existing users to bothAndrew Bartlett2-20/+43
the idmap and the SAM. The basic idea is this: Lookup the user with GetPwnam(), and if they exist then use that uid. This is what people expect. If the user does not exist, try and run the right script. This is also what people expect from previous Samba 3.0 behaviour, where the Get_Pwnam() was at runtime. If the idmap entry for this SID isn't valid, or isn't the right value, modify the idmap to account for this mapping. Also, the same logic is applied to the primary gid - if it has changed, update the user's primary unix group. This patch allows users to be added without a mapping - this is fine for machine accounts, for example. I've given it a quick test against my Win2k DC, and I *think* it's sane. Andrew Bartlett (This used to be commit d2a70bfff182352da50cd6c23ddfa80fe1b353c7)
2003-06-13Trivial extension to 'net' to dump current local idmap.Volker Lendecke2-0/+62
(This used to be commit 18f3a5efea7c60d764d5ed82f3a83e1608f8c34e)
2003-06-12Fix for bug#3. Show comments when doing 'net group -l'.Volker Lendecke1-16/+80
Volker (This used to be commit e5664adc07307a066c5312d9224cef2c69a40f77)
2003-06-12Working on bug#3. We want all of the aliases, so start with 0.Volker Lendecke1-0/+2
Volker (This used to be commit ec1a58d09e08583288b18747a0c82e5cf8139b63)
2003-06-10More updates on editreg.c to bring it better in line with the Samba source.Richard Sharpe1-21/+21
(This used to be commit dc69a638b9e12726f050d79b63f92f816c35fe8f)
2003-06-10use lp_realm() to find the default realm for 'net ads password'Andrew Tridgell1-10/+24
(This used to be commit 21d92802781ac224f569a990df3ec1070f0da434)
2003-06-08Make sure that we use schannel (if configured) when checking for a validAndrew Bartlett1-12/+13
join to the DC. Andrew Bartlett (This used to be commit af526fa9b39ab1f8483d5cee66321bc12f78ac05)
2003-05-30Fix bug #137: krb5_set_password is already defined in MIT 1.3 libs, soJim McDonough1-1/+2
we wouldn't build. (This used to be commit 0e9836c4e9e71494b10d71a5f3d5f7da2888c5ef)
2003-05-29Setting account policy values is done using -C, not -V. Fixes bug #120Jelmer Vernooij1-1/+1
(This used to be commit daf443757b62bd3c254a303d638bfd030b4acd2a)
2003-05-20Fix bug #96: Use DNS decompression to properly parse cldap netlogonJim McDonough1-110/+132
packets, otherwise repeated components will not decode correctly. Thanks to aliguori@us.ibm.com for the fix, and lukeh@padl.com for pointing us to the right docs. (This used to be commit a8d5d74cf80c6cae3eac1daa3f88d56373789560)
2003-05-15Patch from "Alex Deiter" <tiamat@komi.mts.ru> to fix incorrect error check.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 43ca4b8a8425b97a6bea08b91420bac6cde807b3)
2003-05-12Fix obvious compiler warnings.Jeremy Allison2-2/+1
Jeremy. (This used to be commit 2a6d0c2481c3c34351e57c30a85004babdbf99b0)
2003-05-12And finally IDMAP in 3_0Simo Sorce2-37/+27
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-12Re-enable secure channel for net rpc vampire.Tim Potter1-8/+13
Jump out of sam entry processing loop if the return value from cli_netlogon_sam_sync() isn't OK or STATUS_MORE_ENTRIES. (This used to be commit 47d8ee3679292ece5d86df11bc56c9b4d71f3d11)
2003-05-12Fix up a bit of my sloppy C.Andrew Bartlett1-3/+2
(This used to be commit f67cc24acf37a9f46427c993574ecf261d7aec1a)
2003-05-12Give up on the idea of avoiding lp_load() in ntlm_auth....Andrew Bartlett1-8/+18
Also, we might be given a 0 length challenge, so don't smb_panic() for smb_xmalloc() of zero size. Andrew Bartlett (This used to be commit 4842de04cf2e1528e726dfad070dfe3a82f46fa2)
2003-05-12Make it possible to actually use --user-SID and --group-SID on a standard ↵Andrew Bartlett1-2/+2
command line. Andrew Bartlett (This used to be commit dd14da756640ba36834a05b9da4759a809c0bb37)
2003-05-11Fix compile.Andrew Bartlett1-1/+1
(This used to be commit ca2e453c7838b6d0ed2d0a45124d162073bbbf99)
2003-05-11Set the password for a newly created trustdom account. Tested againstVolker Lendecke1-3/+34
PDCs running NT4SP1, NT4SP6 and Samba 3.0. Volker (This used to be commit 2143446043b2c29027cf69554caddf41274df709)
2003-05-10Reverse previous patch from Stefan and me after comments by Andrew BartlettJelmer Vernooij15-34/+0
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
2003-05-10Patch from metze and me that adds dummy smb_register_*() functions soJelmer Vernooij15-0/+34
that is now possible to, for example, load a module which contains an auth method into a binary without the auth/ subsystem built in. (This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
2003-05-09Finally get NTLMv2 working on the client!Andrew Bartlett1-84/+29
With big thanks to tpot for the ethereal disector, and for the base code behind this, we now fully support NTLMv2 as a client. In particular, we support it with direct domain logons (tested with ntlm_auth --diagnostics), with 'old style' session setups, and with NTLMSSP. In fact, for NTLMSSP we recycle one of the parts of the server's reply directly... (we might need to parse for unicode issues later). In particular, a Win2k domain controller now supplies us with a session key for this password, which means that doman joins, and non-spnego SMB signing are now supported with NTLMv2! Andrew Bartlett (This used to be commit 9f6a26769d345d319ec167cd0e82a45e1207ed81)
2003-05-09Fix bug #4 for net rap. Allow more than 50 chars for long form listings of ↵Jim McDonough1-2/+2
users and groups. (This used to be commit dcc6d9e76c737400aaffdd4f261fd0f191aaeea8)
2003-05-09Sync up to head ...Richard Sharpe1-34/+100
(This used to be commit 045210e129e6e0aef8f847e7ed8714d0d9974e7f)
2003-05-09Sync to the changes in head ...Richard Sharpe1-1/+1
(This used to be commit 7f76eac5a0f93107d990b0fde651838c38970092)
2003-05-09Added some more diagnostic tests to check out a theory that having either hashTim Potter1-12/+174
- auth with ntlmv2 and lmv2 but deliberately break the ntlmv2 hash - auth with ntlmv2 and lmv2 but deliberately break the lmv2 hash - auth with ntlm and lm but deliberately break the ntlm hash - auth with ntlm and lm but deliberately break the lm hash My theory is that the NTLM or NTLMv2 field must be correct and if it is, it doesn't matter what the value of the LM or LMv2 field is. Fixed cosmetic test name display bug. (This used to be commit 5dcde9451bd0d6a7462b77cf5ed137bfd691adaa)
2003-05-09Fix up a bunch of problems in editreg.cRichard Sharpe1-16/+16
Now the build farm will no doubt find more. (This used to be commit e91e648c9b0841fbffbc8f39e71abade0996a1e7)
2003-05-08This puts real netlogon connection caching to winbind. This becomesVolker Lendecke1-1/+7
important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
2003-05-07Fix the spinning bug for 'net rpc user' as well - there are more errors inAndrew Bartlett1-4/+4
this world than 'status more entires'... Also move all the cases to 'NT_STATUS_EQUAL()' to test it. Andrew Bartlett (This used to be commit b4645bf0661dadcd077b21bb6f6452ed8b2eb726)
2003-05-05Fix up some of the warnings that the build farm is finding ...Richard Sharpe1-3/+2
(This used to be commit 29d775fe68be8988e344c35106a80d6ca8236e4d)
2003-05-05Syncronize head editreg.c with 3.0.0 ...Richard Sharpe1-93/+1200
(This used to be commit 8257f537de57a2681e6d9cc2c421435b1d751a60)
2003-05-05We also get back the LM session key on pure 'NTLM' logins.Andrew Bartlett1-1/+16
Andrew Bartlett (This used to be commit 7342c70b4cecfc1f42c46b19360db6c077604be2)
2003-05-05Turn off using lsa_qos in OpenPolicy call. This way we avoid annoyingRafal Szczesniak1-2/+2
debug msg while establishing trust and listing relations of Samba PDC. Rafal (This used to be commit 8681cbae0d142a1f9ac537cb22e611a6f5262b54)
2003-05-05Add some comments.Andrew Bartlett1-0/+34
(This used to be commit 855fab395f97dd232fd9bb78e62ad12b16fe2a24)
2003-05-05Add some more tests to the ntlm_auth diagnositics package.Andrew Bartlett1-9/+373
Our NTLMv2 client code needs work, becouse we don't get the session key for any of the NTLMv2 stuff... Also test some of the more 'odd' auth cases - like putting the NT password into the LM feild. Clean up some static globals into static locals. Andrew Bartlett (This used to be commit 62f0acc99166e9518f59bc5d091b76c35837e65c)
2003-05-05Fix some compiler warnings.Tim Potter1-4/+1
(This used to be commit 52d5ff7bdafabb421e76b6b19d95be22b380ddb4)
2003-05-04Patch from Ken Cross to allow an ADS domain join with a username of the formAndrew Bartlett1-2/+18
user@realm, where realm might not be the realm we are joining. Andrew Bartlett (This used to be commit 00e08efb5cd21bf42be9125d3188efbf9d13b8b7)