1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

253 Commits

Author SHA1 Message Date
Gerald Carter
db7bf9a6b6 r20173: DNS update fixes:
* Fix DNS updates for multi-homed hosts
* Child domains often don't have an NS record in
  DNS so we have to fall back to looking up the the NS
  records for the forest root.
* Fix compile warning caused by mismatched 'struct in_addr'
  and 'in_addr_t' parameters called to DoDNSUpdate()
(This used to be commit 3486acd3c3)
2007-10-10 12:16:29 -05:00
Jim McDonough
243b462b09 r20119: Update help info indicating how to use separators (forward slash only)
and properly use backslashes in "net ads join computername="
(This used to be commit cc26e2f9a1)
2007-10-10 12:16:26 -05:00
Volker Lendecke
5f3b7ee713 r19766: Fix a const-warning. Jerry, what did you want to fix with this line?
Volker
(This used to be commit 55dc4741cf)
2007-10-10 12:15:54 -05:00
Gerald Carter
c2aae726ea r19762: libaddns/*[ch] code fixes donated by Centeris Corporation
(http://www.centeris.com/) under my copyright.

* Rework error reporting to use DNS_ERROR instead
  of int32
* Convert memory allocation to use talloc()
* Generalize the DNS request/response packet marshalling
* Fix the secure update requests
(This used to be commit c787983336)
2007-10-10 12:15:53 -05:00
Gerald Carter
8fa0a80b49 r19754: * When using a krb5 session setup, we don't fill in the server_name
string the clis_state struct.  So call saf_store() after we
  have the short domain name in the lsa_query_inof_policy code.

* Remove unused server string in saf_delete()
(This used to be commit 3eddae2f20)
2007-10-10 12:15:53 -05:00
Günther Deschner
61a38bd4b8 r19651: Fix interesting bug with the automatic site coverage in Active Directory:
When having DC-less sites, AD assigns DCs from other sites to that site
that does not have it's own DC. The most reliable way for us to identify
the nearest DC - in that and all other cases - is the closest_dc flag in
the CLDAP reply.

Guenther
(This used to be commit ff004f7284)
2007-10-10 12:15:44 -05:00
Günther Deschner
31a63ab19f r19528: Fix container handling for "net ads user" and "net ads group" functions
along with some memleaks.

Guenther
(This used to be commit 4bad52c5b3)
2007-10-10 12:15:41 -05:00
Günther Deschner
4e0f560f60 r19527: Fix double free in "net ads group add".
Guenther
(This used to be commit 08db3d3b04)
2007-10-10 12:15:41 -05:00
Günther Deschner
25fb86570d r19525: Fix the same error in "net ads group delete".
Guenther
(This used to be commit 94ed3e9de8)
2007-10-10 12:15:40 -05:00
Günther Deschner
8a9c4331a3 r19524: Stop "net ads user delete" from doing funny things.
Guenther
(This used to be commit a20e7c0315)
2007-10-10 12:15:40 -05:00
Günther Deschner
78f977f746 r19493: There is no point in prompting for a user's password in "net ads" when
we can't find a domain controller at all.

Guenther
(This used to be commit e691ae7da3)
2007-10-10 12:15:39 -05:00
Jeremy Allison
a0c84f1b12 r19257: Janitor for Guenther - as well as a little massaging to make
his patch fit SAMBA_3_0. (This is guenthers code). Make
site support work correctly in net ads join.
Jeremy.
(This used to be commit 47352b5398)
2007-10-10 12:15:26 -05:00
Günther Deschner
ac080e3184 r19039: Do not segfault in "net ads printer info" when a requested printserver
does not exist.

Guenther
(This used to be commit 359315021d)
2007-10-10 12:15:04 -05:00
Günther Deschner
88a98e35c7 r19003: Finally activate "net ads gpo".
For those who are interested, try

        net ads gpo refresh mybox$

to get your machine related GPOs downloaded to /var/lib/samba/gpo_cache.
Detailed information about GPOs is currently only printed when setting a
higher debuglevel then 0.

Guenther
(This used to be commit d086babf9d)
2007-10-10 12:14:55 -05:00
Günther Deschner
0d12a35e6b r18817: Enable the build of the gpo tool but do not make it available yet.
Guenther
(This used to be commit 927cda5d31)
2007-10-10 12:01:03 -05:00
Jeremy Allison
dc14e67a6b r18467: Some sites allow an account to be deleted, but not
disabled. Cope with both - print appropriate messages.
Jeremy.
(This used to be commit 2c003a4463)
2007-10-10 11:51:43 -05:00
Jeremy Allison
8c2c5c5d1d r18446: Add the ldap 'leave domain' code - call this as
a non-fatal error path if the 'disable machine
account' code succeeded.
Jeremy.
(This used to be commit f47bffa21e)
2007-10-10 11:51:42 -05:00
Günther Deschner
a58dc69813 r18170: Make sure to actually get the printing data before trying to publish it
in AD.

Guenther
(This used to be commit 1bb29acb3b)
2007-10-10 11:43:30 -05:00
Volker Lendecke
ee0e397d6f r18019: Fix a C++ warnings: Don't use void * in libads/ for LDAPMessage anymore.
Compiled it on systems with and without LDAP, I hope it does not break the
build farm too badly. If it does, I'll fix it tomorrow.

Volker
(This used to be commit b2ff9680eb)
2007-10-10 11:39:49 -05:00
Jeremy Allison
4dcda274ef r17941: Fix print out of client site name.
Jeremy.
(This used to be commit b8cedcac93)
2007-10-10 11:39:00 -05:00
Jeremy Allison
2abab7ee6d r17928: Implement the basic store for CLDAP sitename
support when looking up DC's. On every CLDAP
call store the returned client sitename (if
present, delete store if not) in gencache with
infinate timeout. On AD DNS DC lookup, try looking
for sitename DC's first, only try generic if
sitename DNS lookup failed.
I still haven't figured out yet how to ensure
we fetch the sitename with a CLDAP query before
doing the generic DC list lookup. This code is
difficult to understand. I'll do some experiments
and backtraces tomorrow to try and work out where
to force a CLDAP site query first.
Jeremy.
(This used to be commit ab3f0c5b1e)
2007-10-10 11:38:59 -05:00
Gerald Carter
5693e6c599 r17798: Beginnings of a standalone libaddns library released under
the LGPL.   Original code by Krishna Ganugapati <krishnag@centeris.com>.
Additional work by me.

It's still got some warts, but non-secure updates do
currently work.  There are at least four things left to
really clean up.

1. Change the memory management to use talloc() rather than
   malloc() and cleanup the leaks.
2. Fix the error code reporting (see initial changes to
   dnserr.h)
3. Fix the secure updates
4. Define a public interface in addns.h
5. Move the code in libads/dns.c into the libaddns/ directory
   (and under the LGPL).

A few notes:

* Enable the new code by compiling with --with-dnsupdate
* Also adds the command 'net ads dns register'
* Requires -luuid (included in the e2fsprogs-devel package).
* Has only been tested on Linux platforms so there may be portability
  issues.
(This used to be commit 36f04674ae)
2007-10-10 11:38:48 -05:00
Volker Lendecke
900fe6a625 r17603: Make net_ads_join_ok return NTSTATUS.
Thanks to Michael Adam <ma@sernet.de>

hop, hop, hop... ;-)

Volker
(This used to be commit 47facab798)
2007-10-10 11:38:42 -05:00
Volker Lendecke
01c77cefef r17602: Make check_ads_config return NTSTATUS, set some error codes in net_ads_join.
Thanks to Michael Adam <ma@sernet.de>

Volker
(This used to be commit 27cca86150)
2007-10-10 11:38:42 -05:00
Volker Lendecke
8b39f5ef37 r17591: machine_account is unused, and ctx must be freed. Thanks Michael
(This used to be commit a347f8a9c4)
2007-10-10 11:38:41 -05:00
Volker Lendecke
20ad622b98 r17585: Don't let ads_status throw away the error information.
Thanks to Michael Adam <ma@sernet.de>.

Volker
(This used to be commit ea3a4142a0)
2007-10-10 11:38:41 -05:00
Volker Lendecke
db21dceb43 r17557: Change net_join_domain to return NTSTATUS instead of int.
Thanks to Michael Adam <ma@sernet.de>.

Volker
(This used to be commit c4e10afadb)
2007-10-10 11:38:39 -05:00
Volker Lendecke
c804dd0117 r17551: Move some DEBUG to d_printf in interactive functions and return
NO_LOGON_SERVERS if no domain controller was found.

Thanks to Michael Adam <ma@sernet.de>.

Volker
(This used to be commit d44599de3a)
2007-10-10 11:38:38 -05:00
Gerald Carter
e5f6544df1 r17383: Patch from Michael Adams <ma@sernet.de> to catch
some memory leaks on error paths in net_ads_join()
(This used to be commit 24de2d83ff)
2007-10-10 11:38:29 -05:00
Gerald Carter
20c09b75fa r17258: Cleanup the 'net ads help join' output and document createupn
and createcomputer options
(This used to be commit 87be77bf35)
2007-10-10 11:38:22 -05:00
Gerald Carter
188e7ac756 r17158: Add two new options to 'net ads join'
* createupn=[host_upn@realm]
  * createcomputer=<ou path top to bottom> (this was previously
    the only arg)
(This used to be commit 75054e984e)
2007-10-10 11:38:17 -05:00
Gerald Carter
02f272f3c6 r17149: Fail the join if we cannot set any SPNs for the machine account.
Disable the one we created and whine.
(This used to be commit 1a7e81a4a8)
2007-10-10 11:38:16 -05:00
Günther Deschner
9c160dd9a7 r17086: Re-add ability to contact remote domain controllers with the "net ads"
toolset.

In 3.0.23 all those commands have been limited to the DC of our primary
domain. Also distinguish calls that may go to remote DCs (search, info,
lookup, etc.) from those that should only go to our primary domain
(join, leave, etc.).

Guenther
(This used to be commit d573e64781)
2007-10-10 11:38:10 -05:00
Gerald Carter
060b155cd2 r16952: New derive DES salt code and Krb5 keytab generation
Major points of interest:

* Figure the DES salt based on the domain functional level
  and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
  keys
* Remove all the case permutations in the keytab entry
  generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
  in AD

The resulting keytab looks like:

ktutil:  list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   2    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   3    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   4    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   5    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   6    6           host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   7    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   8    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   9    6               suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)

The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value.  The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.

Tested keytab using mod_auth_krb and MIT's telnet.  ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67)
2007-10-10 11:19:15 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Günther Deschner
10252f270e r16453: Fix another memleak.
Guenther
(This used to be commit 49fb1a3ebc)
2007-10-10 11:18:55 -05:00
Jeremy Allison
300acb99ad r16284: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsigned
int
in a format string.
Jeremy.
(This used to be commit face01ef01)
2007-10-10 11:17:31 -05:00
Günther Deschner
e942ca4e0a r16261: Smaller fixes for net ads password.
Guenther
(This used to be commit 689ae22c80)
2007-10-10 11:17:28 -05:00
Günther Deschner
bf7a5433b4 r16115: Make "net ads changetrustpw" work again.
(adapt to the new UPN/SPN scheme).

Guenther
(This used to be commit 8fc70d0df0)
2007-10-10 11:17:21 -05:00
Günther Deschner
ae4a2a2b9d r15703: Fix d_printf call.
Guenther
(This used to be commit 741602e03a)
2007-10-10 11:17:08 -05:00
Gerald Carter
463e7c1171 r15701: change 'net ads leave' to disable the machine account in the domain (since removal implies greater permissions that Windows clients require)
(This used to be commit ad1f947625)
2007-10-10 11:17:08 -05:00
Gerald Carter
13bc6d4666 r15680: use the user creds when calling net_set_machine_spn() rather than the machine creds (just like WinXP)
(This used to be commit ae2bf464c4)
2007-10-10 11:17:07 -05:00
Gerald Carter
b16bdf985d r15597: more ads join fixes -- we can only set the PWDNOEXP and DES_ONLY acb flags on the setuserinfo(), not the createuser info call
(This used to be commit d933ac273d)
2007-10-10 11:17:02 -05:00
Gerald Carter
bc89437cca r15561: Should re-fix older systems without RC4-HMAC support
(This used to be commit 00c795e366)
2007-10-10 11:17:01 -05:00
Gerald Carter
f1039b8fb4 r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who"....
Re-add the capability to specify an OU in which to create
the machine account.  Done via LDAP prior to the RPC join.
(This used to be commit b69ac0e304)
2007-10-10 11:17:01 -05:00
Günther Deschner
453e4b50aa r15559: Smaller fixes for the new cldap code:
* replace printf to stderr with DEBUG statements as they get printed in
  daemons
* "net ads lookup" return code

Guenther
(This used to be commit 8dd925c5fb)
2007-10-10 11:17:01 -05:00
Gerald Carter
2c029a8b96 r15543: New implementation of 'net ads join' to be more like Windows XP.
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.

The points of interest are

* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
  ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
  libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
  using the machine account after the join

Thanks to Guenther and Simo for the review.

Still to do:

* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
  'kinit -k' (although we might be able to just use the sAMAccountName
  instead)
* Re-add support for pre-creating the machine account in
  a specific OU
(This used to be commit 4c4ea7b20f)
2007-10-10 11:16:57 -05:00
Volker Lendecke
18250bc299 r15471: Clarify error message
(This used to be commit f21adc04f7)
2007-10-10 11:16:51 -05:00
Gerald Carter
af086da4ec r15462: replace the use of OpenLDAP's ldap_domain2hostlist() for
locating AD DC's with out own DNS SRV queries.
Testing on Linux and Solaris.
(This used to be commit cf71f88a3c)
2007-10-10 11:16:49 -05:00
Günther Deschner
c6fa16f330 r15460: Prefer to use the indexed objectCategory attribute (instead of
objectClass which is not indexed on AD) in LDAP queries.

Guenther
(This used to be commit 847882a983)
2007-10-10 11:16:49 -05:00
Jeremy Allison
c176ec2629 r15336: Unknown escape sequence: '\305' - should have been '\n'.
(How did that get in there ?).
Jeremy
(This used to be commit 780b71d300)
2007-10-10 11:16:36 -05:00
Günther Deschner
34e810076d r15305: Let winbind search by sid directly (or in windows terms: "bind to a
sid"); works in all AD versions I tested. Also add "net ads sid" search
tool.

Guenther
(This used to be commit 5557ada694)
2007-10-10 11:16:33 -05:00
Günther Deschner
8fca274e47 r15194: We need to be able to join as PDC as well. Thanks to Andrew Bartlett.
Guenther
(This used to be commit ba81b508ca)
2007-10-10 11:16:28 -05:00
Volker Lendecke
fb1f83b05d r15137: Refuse to join if our netbios name is longer than 15 chars. I think this is
sufficient to fix bug #3659.

Volker
(This used to be commit 0ef5e4372c)
2007-10-10 11:16:26 -05:00
Volker Lendecke
d4d04313ea r15136: Fix join consistency check
(This used to be commit a6e88785e7)
2007-10-10 11:16:25 -05:00
Günther Deschner
4549efe696 r15123: Don't even try to join with an inproper configuration.
Guenther
(This used to be commit 22b6875897)
2007-10-10 11:16:25 -05:00
Jeremy Allison
576e17cbf3 r14831: Fix possible null deref. Coverity #279.
Jeremy.
(This used to be commit 75be5c17bc)
2007-10-10 11:15:49 -05:00
Günther Deschner
895fc239a4 r14757: Make sure we only send out a CLDAP request to an connected AD server.
Guenther
(This used to be commit d17712f976)
2007-10-10 11:15:46 -05:00
Volker Lendecke
d95efac94d r14099: Fix Coverity # 113
(This used to be commit db00570535)
2007-10-10 11:11:12 -05:00
Lars Müller
c42be9fd38 r12986: Use d_fprintf(stderr, ...) for any error message in net.
All 'usage' messages are still printed to stdout.

Fix some compiler warnings for system() calls where we didn't used the
return code.  Add appropriate error messages and return with the error
code we got from system() or NT_STATUS_UNSUCCESSFUL.
(This used to be commit f650e3bdaf)
2007-10-10 11:06:09 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Günther Deschner
63546f1c79 r8675: fix some compile warnings.
Guenther
(This used to be commit afa8ae831a)
2007-10-10 11:00:14 -05:00
Gerald Carter
f24d88cf9d r7139: trying to reduce the number of diffs between trunk and 3.0; changing version to 3.0.20pre1
(This used to be commit 9727d05241)
2007-10-10 10:57:02 -05:00
Gerald Carter
e2404c8129 r6940: fixing debug messages
(This used to be commit 81c1ac255e)
2007-10-10 10:56:57 -05:00
Volker Lendecke
f272f40692 r6900: Fix bug 2725. Thanks, John, for finding it.
Volker
(This used to be commit 913c06ad3e)
2007-10-10 10:56:56 -05:00
Jeremy Allison
6019df0858 r6834: Fix bug #2703, found by John Antonishek <ant@nist.gov>. Add NULL
guard for disp_fields[0].
Jeremy.
(This used to be commit ee45f4b17e)
2007-10-10 10:56:55 -05:00
Derrell Lipman
9840db418b r6149: Fixes bugs #2498 and 2484.
1. using smbc_getxattr() et al, one may now request all access control
   entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
   provided by smbc_getxattr() et al, when requesting all attributes,
   all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
   compiler flags are in use.  removed -Wcast-qual flag from list, as that
   is specifically to force warnings in the case of casting away qualifiers.

Note: In the process of eliminating compiler warnings, a few nasties were
      discovered.  In the file libads/sasl.c, PRIVATE kerberos interfaces
      are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
      kerberos interfaces are being used.  Someone who knows kerberos
      should look at these and determine if there is an alternate method
      of accomplishing the task.
(This used to be commit 994694f7f2)
2007-10-10 10:56:24 -05:00
Derrell Lipman
934d41d239 r6127: Eliminated all compiler warnings pertaining to mismatched "qualifiers". The
whole of samba comiles warning-free with the default compiler flags.

Temporarily defined -Wall to locate other potential problems.  Found an
unused static function (#ifdefed out rather than deleted, in case it's
needed for something in progress).

There are also a number of uses of undeclared functions, mostly krb5_*.
Files with these problems need to have appropriate header files included,
but they are not fixed in this update.

oplock_linux.c.c has undefined functions capget() and capset(), which need
to have "#undef _POSIX_SOURCE" specified before including <sys/capability.h>,
but that could potentially have other side effects, so that remains uncorrected
as well.

The flag -Wall should be added permanently to CFLAGS, and all warnings then
generated should be eliminated.
(This used to be commit 5b19ede88e)
2007-10-10 10:56:24 -05:00
Gerald Carter
d44a737932 r5955: BUG 2517: use the realm from smb.conf for 'net ads info' when 'disable netbios = yes'
(This used to be commit 77734120d3)
2007-10-10 10:56:11 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Jeremy Allison
917a53cc58 r3492: Fixes from testing kerberos salted principal fix.
Jeremy.
(This used to be commit b356a8fdc5)
2007-10-10 10:53:07 -05:00
Jeremy Allison
f8345c1b18 r3273: Ensure we're consistent in the use of strchr_m for '@'.
Jeremy.
(This used to be commit 0f3f7b035b)
2007-10-10 10:53:03 -05:00
Tim Potter
b4cf9e9505 r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid of
'..' from all #include preprocessor commands.   This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa)
2007-10-10 10:52:55 -05:00
Günther Deschner
132879b285 r2832: Readd WKGUID-binding to match the correct default-locations of new
User-, Group- and Machine-Accounts in Active Directory (this got lost
during the last trunk-merge).

This way we match e.g. default containers moved by redircmp.exe and
redirusr.exe in Windows 2003 and don't blindly default to cn=Users or
cn=Computers.

Further wkguids can be examied via "net ads search wellknownobjects=*".
This should still keep a samba3-client joining a samba4 dc. Fixes
Bugzilla #1343.

Guenther
(This used to be commit 8836621694)
2007-10-10 10:52:54 -05:00
Günther Deschner
676aa559fe r2746: Fix typos in net's usage-output.
Guenther
(This used to be commit 4886d6663d)
2007-10-10 10:52:50 -05:00
Jim McDonough
d86f6ceead r1750: This patch allows net ads lookup to rely on command line arguments if contacting an ADS server fails. This allows net ads lookup to work with clapd (very useful for testing).
from aliguori@us.ibm.com
(This used to be commit edb4e940b4)
2007-10-10 10:52:20 -05:00
Gerald Carter
824bc32be7 r1399: applying heimdal krb5 fixes from Guenther and fixing compile warnings in libadskerberos_keyatb.c
(This used to be commit 837f56ec8b)
2007-10-10 10:52:10 -05:00
Jeremy Allison
792776782e r1240: Ensure we don't shadow Heimdal globals.
Jeremy.
(This used to be commit 464d2e9048)
2007-10-10 10:52:02 -05:00
Jeremy Allison
7825677b86 r1222: Valgrind memory leak fixes. Still tracking down a strange one...
Can't fix the krb5 memory leaks inside that library :-(.
Jeremy.
(This used to be commit ad440213aa)
2007-10-10 10:52:00 -05:00
Jeremy Allison
2055155291 r1221: Added the last of the system keytab patch from "Dan Perry" <dperry@pppl.gov>,
fixed valgrind detected mem corruption in libads/kerberos_keytab.c.
Jeremy.
(This used to be commit 286f4c809c)
2007-10-10 10:52:00 -05:00
Tim Potter
5a521453ba Use possessive in message asking for user's password.
(This used to be commit cc9765ce97)
2004-03-14 03:47:03 +00:00
Gerald Carter
31a3842644 fixing compile problems due to my recent ads.h changes
(This used to be commit d7b6298b9e)
2004-01-12 14:26:50 +00:00
Volker Lendecke
8bfc33f5ed Collecting some minor patches...
This adds the ability to specify the new user password for 'net ads password'
on the command line. As this needs the admin password on the command line, the
information leak is minimally more.

Patch from gd@suse.de

Volker
(This used to be commit e6b4b956f6)
2003-12-26 19:38:36 +00:00
Volker Lendecke
203710ea6d Get rid of a const warning
Volker
(This used to be commit 94860687c5)
2003-11-26 09:58:41 +00:00
Jim McDonough
c3125b6e2f Fix bug 451. Stop net -P from prompting for machine account password.
Based on work by Ken Cross (kcross@nssolutions.com).
(This used to be commit 8ef7ac22ef)
2003-10-23 14:33:19 +00:00
Gerald Carter
7544b0c773 fixes for ads domain membership when only the realm is defined in
smb.conf

Fixes to ensure we work with disable netbios = yes
(This used to be commit 3913e43724)
2003-09-05 17:57:45 +00:00
Gerald Carter
bf0f3be29d Check in Andrew's fix for bug #305 (always use lp_realm() )
Also make sure thet ads_startup uses lp_realm instead of
just relying on the workgroup name.  Fixes bug in net ads join
when the workgroup defaults to "WORKGROUP" and we ignore the
realm name.
(This used to be commit b1763ace4e)
2003-09-04 19:45:04 +00:00
Andrew Bartlett
f1be3a5c5d - Make 'net' use a single funciton for setting the 'use machine account' code.
- Make winbindd try to use kerberos for connections to DCs, so that it can
   access RA=2 servers, particularly for netlogon.
 - Make rpcclient follow the new flags for the NETLOGON pipe
 - Make all the code that uses schannel use the centralised functions for doing so.

Andrew Bartlett
(This used to be commit 96b4187963)
2003-08-19 22:47:10 +00:00
Jeremy Allison
29ca70cd34 Add a command line option (-S on|off|required) to enable signing on client
connections. Overrides smb.conf parameter if set.
Jeremy.
(This used to be commit 879309671d)
2003-07-30 23:49:29 +00:00
Andrew Bartlett
5ab880d684 Use the specified workgroup in 'net ads'. (Defaults to lp_workgroup()).
Andrew Bartlett
(This used to be commit e6cc5ca780)
2003-07-27 03:42:10 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a0)
2003-07-03 19:11:31 +00:00
Tim Potter
ecb86e5e88 Some fixes for ads printer publish:
- check error return for cli_full_connection() when trying to obtain
    printer data

  - check error return on ads_find_machine_acct()

  - Minor reformatting to separate fetching printer data from publishing it
(This used to be commit 94fe3b2cdf)
2003-07-03 05:58:55 +00:00
Tim Potter
baf439cd55 Implemented 'net ads printer search' which searches the directory for
published printers.

At the moment we don't search using any parameters but this can be
fixed by changing the LDAP search string.  Also we should contact
the global catalog at SRV _gc._tcp instead of the ldap server we
get back from ads_startup().
(This used to be commit 814519c5de)
2003-07-03 05:08:51 +00:00
Tim Potter
9d4b66c974 Yet more shadow variable warnings.
(This used to be commit b401e78b6e)
2003-06-30 05:45:27 +00:00
Andrew Tridgell
0d556758de use lp_realm() to find the default realm for 'net ads password'
(This used to be commit 21d9280278)
2003-06-10 04:15:55 +00:00
Jim McDonough
0463fc2d77 Fix bug #137: krb5_set_password is already defined in MIT 1.3 libs, so
we wouldn't build.
(This used to be commit 0e9836c4e9)
2003-05-30 19:51:09 +00:00
Jeremy Allison
6abef08100 Fix obvious compiler warnings.
Jeremy.
(This used to be commit 2a6d0c2481)
2003-05-12 21:27:54 +00:00
Andrew Bartlett
6a19f354e5 Patch from Ken Cross to allow an ADS domain join with a username of the form
user@realm, where realm might not be the realm we are joining.

Andrew Bartlett
(This used to be commit 00e08efb5c)
2003-05-04 02:48:11 +00:00
Jim McDonough
7b126ce7a0 Like net rpc user -l, let net ads user -l allow more than 50 characters in
comments.
(This used to be commit b5b1732b11)
2003-04-29 15:15:31 +00:00
Andrew Bartlett
96e1202f23 Fix up bugs in the new 'store sec_channel type' code - we were always joining
as a BDC.

Andrew Bartlett
(This used to be commit f35674e755)
2003-04-22 05:32:01 +00:00
Andrew Bartlett
f071020f5e Merge from HEAD - save the type of channel used to contact the DC.
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.

This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.

Andrew Bartlett
(This used to be commit 876e00fd11)
2003-04-21 14:09:03 +00:00
Jelmer Vernooij
9397cdba52 - Change ADS CHOSTPASS -> ADS CHANGETRUSTPW
- Add general CHANGETRUSTPW function that calls ADS CHANGETRUSTPW or RPC CHANGETRUSTPW
(Merged from HEAD)
(This used to be commit f0982e1102)
2003-04-14 22:27:09 +00:00
Andrew Bartlett
83a580f49a Merge from HEAD:
net ads password

Heimdal compile fixes.

Andrew Bartlett
(This used to be commit 3aa4f923e9)
2003-03-17 22:58:24 +00:00
Andrew Bartlett
c945a9c97f Merge from HEAD:
new 'net ads dn'

doxygen fixes

net help fixes.
(This used to be commit de24fcb097)
2003-03-17 22:33:34 +00:00
Andrew Bartlett
52db4c6698 Missed a couple of files from the client-side kerberos merge
(This used to be commit 56934f303c)
2003-02-24 03:06:45 +00:00
Andrew Bartlett
963e88aa90 Merge LDAP filter parinoia from HEAD, a few other pdb_ldap updates and some
misc libads fixes.

Andrew Bartlett
(This used to be commit 9c3a1710ef)
2003-02-01 07:59:29 +00:00
Gerald Carter
99cdb46208 *lots of small merges form HEAD
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b321)
2003-01-15 18:57:41 +00:00
Gerald Carter
9eeab10e54 [merge]
* removed unused variable from rpcclient code
* added container option to net command (patch from SuSE)
* Makefile patch for examples/VFS from SuSE
(This used to be commit 25a9681ddd)
2003-01-15 16:10:57 +00:00
Andrew Bartlett
634c54310c Merge from HEAD - make Samba compile with -Wwrite-strings without additional
warnings.  (Adds a lot of const).

Andrew Bartlett
(This used to be commit 3a7458f947)
2003-01-03 08:28:12 +00:00
Jeremy Allison
ef8bd7c4f7 Forward port the change to talloc_init() to make all talloc contexts
named. Ensure we can query them.
Jeremy.
(This used to be commit 09a218a9f6)
2002-12-20 20:21:31 +00:00
Jeremy Allison
46d5c060c6 jcmd really should run with a higher compiler warning level more often :-).
Jeremy.
(This used to be commit e93bd375b9)
2002-11-23 02:51:28 +00:00
Jim McDonough
3bea5acd2e Next step of printer publishing.
net ads printer publish <printername> [servername]
Will retreive the DsSpooler and DsDriver info by rpc for a remote server
then publish it.

Next comes doing it within smbd
(This used to be commit efeaa8f4f4)
2002-11-18 20:23:05 +00:00
Jeremy Allison
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8)
2002-11-12 23:20:50 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Jelmer Vernooij
f0255b38bc sync 3.0 branch with HEAD
(This used to be commit 1b83b78e33)
2002-08-17 14:45:04 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Jim McDonough
6e0b34fb3c Rename of ads_do_search_all2() to ads_do_search_all() and removal of
server sort controls.  Also put option externs in the net.h include.
(This used to be commit b69f11170c)
2002-04-10 13:29:23 +00:00
Jim McDonough
3fcb31db92 Use the new ads_do_search_all2 function. It provides sorted results. We now
also filter out users that end in '$', which gives us the same results as
the net rpc user and net rap user.
(This used to be commit e3a8138312)
2002-04-05 19:28:02 +00:00
Jim McDonough
1458b7c795 Lots more net consistency work:
- Added net_help.c for unified help when possible
- Added net rpc user listing, delete, info commands
- Unified net user command to autodetect ads/rpc/rap (try in that order)
- Added generic routine for detecting rpc (protocol > PROTOCOL_NT1)
- I'm sure I forgot something.
(This used to be commit 9daa5788c8)
2002-04-05 01:36:28 +00:00
Jim McDonough
e2745e88e5 More updates for auto-detecting server connection method. Added net_ads_check()
to make a connection (which stores the password in a global so it can be
used by rpc or rap function if ads fails) and close it to verify if ads
method should be used.
(This used to be commit 093297a27d)
2002-04-04 16:47:24 +00:00
Jim McDonough
7bfa5ead49 Add non-ads version of net_ads_help for build on non-ads machines.
(This used to be commit dd7c20e533)
2002-04-04 03:14:25 +00:00
Jim McDonough
c0bf7d9db4 Correct error string function call to ads_errstr()
(This used to be commit d7317ca8da)
2002-04-04 03:06:22 +00:00
Jim McDonough
94e3c18e9c Add net ads user subcommands: add delete info. Also make user listing format
consistent with rap version.
(This used to be commit f6eb7c0c7e)
2002-04-04 02:53:42 +00:00
Jim McDonough
b94791f1d4 Re-implemented net ads user and net ads group to use the new
ads_process_results function.  Also made sure net rap user and net ads
user display the same thing, to make auto-transport-detection smoother.
(This used to be commit 4cf42c07ec)
2002-03-29 21:09:44 +00:00
Andrew Tridgell
3fd8f2d6e8 make net ads info work with -S
(This used to be commit 57645fd85b)
2002-03-21 04:48:24 +00:00
Andrew Tridgell
1603584137 make "net ads user" and "net ads group" also use the new paged interface
(This used to be commit 98769f08e7)
2002-03-19 22:16:19 +00:00
Jim McDonough
0bb16f1d01 Fix build for non-ads case
(This used to be commit 7ba235c0fb)
2002-03-16 01:30:09 +00:00
Jim McDonough
04845c4cc0 Expose net_ads_join to allow for auto-transport-detection for net join
(This used to be commit 87ee483231)
2002-03-15 22:05:39 +00:00
Jim McDonough
5980e74d4c Add paged search requests to net ads user and net ads group commands, allowing more than 1000 (or whatever the query limit is on the server) objects to be returned. Printers will come next.
(This used to be commit 9c447920df)
2002-03-14 17:56:33 +00:00
Andrew Tridgell
9b9d681870 try to use our workstation account password for ADS leave
(This used to be commit 2a42e91397)
2002-03-10 01:52:09 +00:00
Andrew Bartlett
56d5f6bad2 dont strdup() possibly null values.
(This used to be commit 0511589088)
2002-02-16 22:11:49 +00:00
Andrew Bartlett
62ee445422 Subject:
[PATCH] net ads error
    Date:
         Fri, 15 Feb 2002 20:03:32 +0200
   From:
         Alexander Bokovoy <a.bokovoy@sam-solutions.net>
     To:
         samba-technical@samba.org

Greetings!

Attached patch fixes a problem with non-working 'net ads -Uuser%pass'
in CVS HEAD.
(This used to be commit a21a951ff9)
2002-02-15 22:18:52 +00:00
Jim McDonough
ffc58a7ff8 Add support for net ads printer to publish, remove, or display printer info in the directory. Only publishes required fields right now.
(This used to be commit 1d326f8b7e)
2002-02-02 02:06:03 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Jim McDonough
de260eadf9 Enable net ads commands to use existing tickets if the user doesn't specify a username on the commandline. Also don't continue past the kinit if a password is entered and fails because existing tickets would be used, which may not be desired if the username was specified.
(This used to be commit 7e5d7dfa83)
2002-01-25 22:07:46 +00:00
Andrew Tridgell
9f85d4ad5f much better support for organisational units in ADS join
(This used to be commit 7e876057d5)
2002-01-16 02:22:30 +00:00
Andrew Tridgell
91ee73e300 make sure we store the domain sid when joining a ADS domain
(This used to be commit dfbe442c66)
2001-12-20 23:35:53 +00:00
Andrew Tridgell
6c7e9dfb29 net ads password and net ads chostpass commands from Remus Koos
(This used to be commit 412e79c448)
2001-12-20 03:54:52 +00:00
Andrew Tridgell
1f31ace6cb much better ADS error handling system
(This used to be commit 05a90a2884)
2001-12-19 12:21:12 +00:00
Andrew Tridgell
a062e58d9e - added initial support for trusted domains in winbindd_ads
- gss error code patch from a.bokovoy@sam-solutions.net
- better sid dumping in ads_dump
- fixed help in wbinfo
(This used to be commit ee1c3e1f04)
2001-12-19 08:44:23 +00:00
Andrew Tridgell
48c45486e3 allow selection of the organisational unit when joining a realm
(This used to be commit f1231c2b54)
2001-12-17 11:16:22 +00:00
Andrew Tridgell
1fb2f3649d added "net ads info" to fetch basic ADS info without any auth
(This used to be commit b107ecef70)
2001-12-13 13:19:20 +00:00
Andrew Tridgell
5d378a280f added internal sasl/gssapi code. This means we are no longer dependent on cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
(This used to be commit 435fdf276a)
2001-12-08 11:18:56 +00:00
Andrew Bartlett
8ba00d147b OK. Smbpasswd -j is DEAD.
This moves the rest of the functionality into the 'net rpc join' code.

Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.

I have also fixed up the smbpasswd -a -m bug in the process.

We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.

With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).

Andrew Bartlett
(This used to be commit 575897e879)
2001-12-05 11:00:26 +00:00
Andrew Tridgell
9421ad4a7a added a REALLY gross hack into kerberos_kinit_password so that
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
(This used to be commit 7d94f1b736)
2001-12-05 09:46:53 +00:00
Andrew Bartlett
f018400b69 Follow herb's suggestion and don't strdup a string to itself.
(This used to be commit ea76a687fc)
2001-12-05 01:58:33 +00:00
Andrew Bartlett
fe64484824 Make better use of the ads_init() function to get the kerberos relam etc.
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.

Also fix mem leaks etc.

Andrew Bartlett
(This used to be commit 8f9ce71781)
2001-11-29 06:21:56 +00:00
Tim Potter
222311817f More compiler warnings fixed. Some minor reformatting.
(This used to be commit 8227f6909c)
2001-11-26 04:53:08 +00:00
Andrew Tridgell
354cdfa8f8 better help
(This used to be commit b390d6eef9)
2001-11-25 01:42:29 +00:00
Andrew Tridgell
a83e7725c4 use generate_random_str()
(This used to be commit 720c50a751)
2001-11-25 01:36:02 +00:00