1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

253 Commits

Author SHA1 Message Date
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.
Guenther
2009-11-26 20:03:17 +01:00
Jeremy Allison
5363d6e62c Ensure all callers to the rpc_client/cli_pipe functions correctly
initialize return variables.
Jeremy.
2009-11-12 13:56:33 -08:00
Günther Deschner
6ca8a40976 s3-net: better use memory credential cache in net_ads_kerberos_pac().
Guenther
2009-11-06 12:51:29 +01:00
Günther Deschner
58184b5fd4 s3-net: allow to call "net ads kerberos pac <impersonation principal> -P".
Guenther
2009-11-06 12:44:45 +01:00
Kai Blin
ceab454bcf s3 net: i18n support for net ads 2009-07-29 23:46:09 +02:00
Jeremy Allison
5d05d22999 Added prefer_ipv4 bool parameter to resolve_name().
W2K3 DC's can have IPv6 addresses but won't serve
krb5/ldap or cldap on those addresses. Make sure when
we're asking for DC's we prefer IPv4.
If you have an IPv6-only network this prioritizing code
will be a no-op. And if you have a mixed network then you
need to prioritize IPv4 due to W2K3 DC's.
Jeremy.
2009-07-28 11:51:58 -07:00
Kai Blin
67d9130c13 s3: net ads user info should print primary group as well (bug #2658)
Thanks to Pavel V. Rochnyack <rpv@muma.tusur.ru> for reporting this and
offering an initial patch.
2009-07-27 20:03:46 +02:00
Kai Blin
8f5ef10633 Revert "net: Use samba default command line arguments."
This reverts commit fb262f79fa
and related commits c36031778e
72fd5fa6bb and
38cd0e086f

This change caused more trouble than it solved. We need to do this differently.
Reverting so we don't accidently release this.
2009-07-22 13:39:34 +02:00
Volker Lendecke
c624a704be Make escape_ldap_string take a talloc context 2009-07-09 22:25:29 +02:00
Jim McDonough
7930f15f5d Don't require "Modify property" perms to unjoin bug #6481)
"net ads leave" stopped working when "modify properties"
permissions were not granted (meaning you had to be allowed
to disable the account that you were about to delete).

Libnetapi should not delete machine accounts, as this does not
happen on win32.  The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag
really means "disable" (both in practice and docs).

However, to keep the functionality in "net ads leave", we
will still try to do the delete.  If this fails, we try
to do the disable.

Additionally, it is possible in windows to not disable or
delete the account, but just tell the local machine that it
is no longer in the account.  libnet can now do this as well.
2009-06-19 13:46:07 -04:00
Kai Blin
38cd0e086f net: Only use the in memory ccache when not already using a kerberos ticket in net ads 2009-06-09 18:09:18 +02:00
Günther Deschner
72fd5fa6bb s3-net: fix "net ads testjoin".
This always needs to use machine account credentials.

Kai, please check.

Guenther
2009-06-09 15:41:44 +02:00
Kai Blin
fb262f79fa net: Use samba default command line arguments.
Attention:

The meaning of the -N flag changed.
To get the old meaning for net groupmap set, use the long option --ntname
The long option for using kerberos changed from --kerberos to --use-kerberos

net rpc commands will now prompt for a password if none is given.

As a benefit, net will now accept an authentication file like other samba
command line tools. So no need to specify the password on the command line in
scripts anymore.

This should fix bug #6357

Signed-off-by: Kai Blin <kai@samba.org>
2009-05-25 23:35:38 +02:00
Günther Deschner
d71dec9259 s3-libads: avoid NULL talloc context with ads_get_dn().
Guenther
2009-04-07 01:17:30 +02:00
Andrew Bartlett
2050187673 s3:libads Make ads_get_dn() take a talloc context
Also remove ads_memfree(), which was only ever a wrapper around
SAFE_FREE, used only to free the DN from ads_get_ds().

This actually makes libgpo more consistant, as it mixed a talloc and a
malloc based string on the same element.

Andrew Bartlett

Signed-off-by: Günther Deschner <gd@samba.org>
2009-04-06 15:54:41 +02:00
Günther Deschner
9fdeb7f7b3 s3-spoolss: remove custom syntax_spoolss and use the syntax defined in IDL.
Guenther
2009-03-18 14:18:42 +01:00
todd stecher
9d4d2f70cb S3: Fixes for coverity issues. 2009-02-10 14:43:14 -08:00
Günther Deschner
329b8775f5 s3-net: fix warning message for keytab usage.
Guenther
2009-02-03 15:32:48 +01:00
Dan Sledz
d96248a9b4 Add two new parameters to control how we verify kerberos tickets. Removes lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum.  Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab

For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only

The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.

The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode.  This keytab is only used in
ads_verify_ticket.
2009-02-01 20:23:31 -08:00
Jeremy Allison
07e0094365 Fix all warnings in source3 with gcc4.3.
Jeremy.
2008-12-31 18:06:57 -08:00
Stefan Metzmacher
588f5aae66 s3: correctly detect if the current dc is the closest one
ads->config.tried_closest_dc was never set.

metze

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit dfe5b00db3)
2008-12-13 11:42:22 +01:00
Jelmer Vernooij
44b728958a Use common error definitions. 2008-10-23 15:35:21 +02:00
Günther Deschner
4b59ecb903 s3-build: no need to duplicate generated ndr_ prototypes.
Guenther
2008-10-20 19:47:00 +02:00
Jelmer Vernooij
f0c4829e82 Remove silly safe_free() function which is a wrapper around SAFE_FREE().
Since it's a function it just sets the local pointer to NULL and basically
is an equivalent to free().

It also claims it's being used for callbacks but isn't used that way
anywhere.
2008-10-19 13:06:14 +02:00
Jelmer Vernooij
1f3e4f39c5 Use GUID_string rather than smb_uuid_string(). 2008-10-14 02:26:18 +02:00
Jelmer Vernooij
cb78d4593b Cope with changed signature of http_timestring(). 2008-10-11 23:57:44 +02:00
Günther Deschner
81fde58551 s3-nbt: remove double nbt netlogon opcodes.
Guenther
2008-09-25 20:11:55 +02:00
Günther Deschner
f07431f5ba s3-nbt: use the new generated nbt.
Guenther
2008-09-24 03:34:23 +02:00
Günther Deschner
5bea31aa3c libnetjoin: support kerberized joining/unjoing (fix #5416).
Guenther
(This used to be commit da6e0f4f37)
2008-08-11 19:52:23 +02:00
Volker Lendecke
1335da2a7c Refactoring: Change calling conventions for cli_rpc_pipe_open_noauth
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS
(This used to be commit 9abc9dc4dc)
2008-07-20 17:37:11 +02:00
Karolin Seeger
7c451b9b89 net ads: Fix typos.
Karolin
(This used to be commit 63c1a5146e)
2008-06-24 16:30:33 +02:00
Günther Deschner
6ce0c85172 net: Fix bug #5542 (samsync contains empty passwords).
Guenther
(cherry picked from commit 1a22e975dd)
(This used to be commit ad8392cf7c)
2008-06-13 12:23:57 +02:00
Kai Blin
8f1f62af28 net: Fix net_ads.c build for the HAVE_ADS == 0 case.
Thanks to Karolin for catching this one.
(This used to be commit 7f52998f54)
2008-06-12 15:46:12 +02:00
Kai Blin
255bdb2602 net: Rename functable3 to functable, get rid of old functables
(This used to be commit bb7c5fc4ec)
2008-06-10 09:48:21 +02:00
Kai Blin
54bc155736 net: Make "net ads" use functable3
(This used to be commit 64e3dc6396)
2008-06-10 09:47:15 +02:00
Günther Deschner
d7772433bf net: print NBT_SERVER_X_SECRET_DOMAIN_6 flags in "net ads lookup".
Guenther
(This used to be commit 420390ba0e)
2008-06-04 01:35:43 +02:00
Kai Blin
0210f7af91 net: The top level help function for net cmd is always net_cmd_usage
(This used to be commit f7d0903a58)
2008-05-20 14:28:12 +02:00
Kai Blin
007f0e19dc net: Split out "net group"
(This used to be commit 3ddd9c09e3)
2008-05-20 14:27:40 +02:00
Kai Blin
572de942c7 net: Split out "net user"
(This used to be commit 4ca08a5acc)
2008-05-20 14:27:27 +02:00
Kai Blin
16938883e6 net: Use true/false instead of True/False.
(This used to be commit a8b567aac3)
2008-05-20 14:27:08 +02:00
coffeedude
ed08bd3e83 net ads: Upper case he realm name when calling kinit() using machine creds.
Needed fix for the DNS Update option as part of "net ads join"
(This used to be commit aebae0b71b)
2008-05-12 17:35:55 -05:00
Volker Lendecke
232853d700 Fix the build with DNS_UPDATES
(This used to be commit 6c9500c290)
2008-05-10 10:58:56 +02:00
Kai Blin
f576910944 net: Remove globals
(This used to be commit 1e9319cf88)
2008-05-10 09:22:27 +02:00
Günther Deschner
cdd9913c4a cldap: let ads_cldap_netlogon() return all possible cldap replies.
Guenther
(This used to be commit 6f9d5e1cc9)
2008-05-09 14:59:18 +02:00
Günther Deschner
bcbac69d1a cldap: avoid duplicate definitions so remove ads_cldap.h.
Guenther
(This used to be commit 538eefe22a)
2008-04-21 20:21:40 +02:00
Günther Deschner
1dd7ab38e7 cldap: add talloc context to ads_cldap_netlogon().
Guenther
(This used to be commit 4cee7b1bd5)
2008-04-21 20:21:40 +02:00
Günther Deschner
ba98dd4989 libads: Use libnbt for CLDAP reply parsing.
Guenther
(This used to be commit 751f3064a5)
2008-04-21 20:21:39 +02:00
Günther Deschner
6f4b7fcf97 net: Be more tolerant while joining.
Guenther
(This used to be commit 70b7b331d9)
2008-04-17 00:08:24 +02:00
Günther Deschner
ae1e1085a1 libnetjoin/net: Fix lp_config_backend_is_registry() handling.
Thanks obnox, now we can net ads join and net ads leave with zero
configuration changes if "config backend = registry".

Guenther
(This used to be commit 9003881773)
2008-04-14 23:07:55 +02:00
Günther Deschner
4122dabbf9 net: abort when lp_realm is not set in net_ads_leave().
Guenther
(This used to be commit 53735edcbb)
2008-04-14 22:58:38 +02:00