1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

97 Commits

Author SHA1 Message Date
Gerald Carter
2b27c93a9a r18271: Big change:
* autogenerate lsa ndr code
* rename 'enum SID_NAME_USE' to 'enum lsa_SidType'
* merge a log more security descriptor functions from
  gen_ndr/ndr_security.c in SAMBA_4_0

The most embarassing thing is the "#define strlen_m strlen"
We need a real implementation in SAMBA_3_0 which I'll work on
after this code is in.
(This used to be commit 3da9f80c28)
2007-10-10 11:51:18 -05:00
Jelmer Vernooij
995205fc60 r18188: merge 3.0-libndr branch
(This used to be commit 1115745cae)
2007-10-10 11:43:56 -05:00
Jeremy Allison
2b8abc030b r16644: Fix bug #3887 reported by jason@ncac.gwu.edu
by converting the lookup_XX functions to correctly
return SID_NAME_TYPE enums.
Jeremy.
(This used to be commit ee2b2d96b6)
2007-10-10 11:19:05 -05:00
Günther Deschner
c8baac2fd6 r15553: minor rpcclient cleanup: length is already set in data_blob.
Guenther
(This used to be commit a80f366057)
2007-10-10 11:16:59 -05:00
Günther Deschner
655b04e4f8 r15041: Adding rpc client calls to manipulate auditing policies on remote CIFS
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.

Guenther
(This used to be commit 0fed66926f)
2007-10-10 11:15:59 -05:00
Günther Deschner
e443866f76 r14144: allow to set sec_info in rpcclients lsa_query_secobj.
Guenther
(This used to be commit 18ee669c60)
2007-10-10 11:15:13 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Günther Deschner
5ffc3b18ef r12131: Fix it really, this time :)
Guenther
(This used to be commit 4a506dbc3c)
2007-10-10 11:05:46 -05:00
Günther Deschner
09c1b2a20e r12130: display domain GUID.
Guenther
(This used to be commit 8e63da0366)
2007-10-10 11:05:46 -05:00
Günther Deschner
1b624b69bd r11858: Fill in the clientside TRUSTED_DOMAIN_INFO_EX query.
Guenther
(This used to be commit 02f13dee6d)
2007-10-10 11:05:31 -05:00
Günther Deschner
4c34e1b7e2 r11857: Fix the build.
Guenther
(This used to be commit 6508cb1c80)
2007-10-10 11:05:31 -05:00
Volker Lendecke
f0dab6ba20 r11286: Fix a potential segfault
(This used to be commit f4c310d556)
2007-10-10 11:05:10 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Günther Deschner
f245e77644 r7537: Print passwords in display charset.
Guenther
(This used to be commit f3bdc20ba3)
2007-10-10 10:57:11 -05:00
Günther Deschner
4bc39f05b7 r7391: - Added client-support for various lsa_query_trust_dom_info-calls and a
rpcclient-tester for some info-levels.

  Jerry, I tried to adopt to prs_pointer() where possible and to not
  interfere with your work for usrmgr.

- Add "net rpc trustdom vampire"-tool.

  This allows to retrieve Interdomain Trust(ed)-Relationships from
  NT4-Servers including cleartext-passwords (still stored in the local
  secrets.tdb).

  The net-hook was done in cooperation with Lars Mueller
  <lmuelle@suse.de>.

  To vampire trusted domains simply call:

        net rpc trustdom vampire -S nt4dc -Uadmin%pass

Guenther
(This used to be commit 5125852939)
2007-10-10 10:57:07 -05:00
Gerald Carter
66df8431ec r5726: merge LsaLookupPrivValue() code from trunk
(This used to be commit 277203b535)
2007-10-10 10:55:57 -05:00
Jim McDonough
de1c756430 r5592: Oops, accidentally committed test version of rpcclient. Reverting changes.
(This used to be commit a5fe34ca7d)
2007-10-10 10:55:49 -05:00
Jim McDonough
ac1cc87122 r5591: Implement "net rpc trustdom del", including client side of
samr_remove_sid_from_foreign_domain.
(This used to be commit 8360695fc0)
2007-10-10 10:55:49 -05:00
Volker Lendecke
f6fed0082b r4933: List not only the first 10 trusts with rpcclient -c enumtrust.
Volker
(This used to be commit 9ca6cfcf1e)
2007-10-10 10:55:08 -05:00
Gerald Carter
cf85715319 r4821: finish off 'net rpc rights [list|grant|revoke]'
one small todo item is to add a 'accounts' sub option
to 'net rpc list' so enumerate all privileged SIDs
and their associated rights.
(This used to be commit bf4385c79a)
2007-10-10 10:53:56 -05:00
Gerald Carter
c727866172 r4742: add server support for lsa_add/remove_account_rights() and fix some parsing bugs related to that code
(This used to be commit 7bf1312287)
2007-10-10 10:53:53 -05:00
Gerald Carter
c3ba8b9a53 r4736: small set of merges from rtunk to minimize the diffs
(This used to be commit 4b351f2fcc)
2007-10-10 10:53:52 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Gerald Carter
8ad3d8c9b0 r196: merging struct uuid from trunk
(This used to be commit 911a28361b)
2007-10-10 10:51:13 -05:00
Andrew Bartlett
7d068355aa This merges in my 'always use ADS' patch. Tested on a mix of NT and ADS
domains, this patch ensures that we always use the ADS backend when
security=ADS, and the remote server is capable.

The routines used for this behaviour have been upgraded to modern Samba
codeing standards.

This is a change in behaviour for mixed mode domains, and if the trusted
domain cannot be reached with our current krb5.conf file, we will show
that domain as disconnected.

This is in line with existing behaviour for native mode domains, and for
our primary domain.

As a consequence of testing this patch, I found that our kerberos error
handling was well below par - we would often throw away useful error
values.  These changes move more routines to ADS_STATUS to return
kerberos errors.

Also found when valgrinding the setup, fix a few memory leaks.

While sniffing the resultant connections, I noticed we would query our
list of trusted domains twice - so I have reworked some of the code to
avoid that.

Andrew Bartlett
(This used to be commit 7c34de8096)
2004-01-08 08:19:18 +00:00
Tim Potter
417bf608f4 Merge of waider's rpcclient return type patch.
(This used to be commit fb91bfa7a2)
2003-03-18 06:30:30 +00:00
Tim Potter
1788f806e7 Merge: const fixes.
(This used to be commit a20aba0999)
2003-02-25 23:51:56 +00:00
Martin Pool
188c5195ed Check return code of string_to_sid. (Merge from HEAD)
(This used to be commit 5d09aea6f7)
2003-02-18 07:05:02 +00:00
Jeremy Allison
438b5c92d4 Merge tridge's client priv code from HEAD.
Jeremy
(This used to be commit 49739be1e2)
2003-01-29 02:24:12 +00:00
Jeremy Allison
734c6d8a51 Merging tridge's privillage client changes from HEAD.
Jeremy.
(This used to be commit 30a33920b4)
2003-01-28 21:09:56 +00:00
Gerald Carter
99cdb46208 *lots of small merges form HEAD
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b321)
2003-01-15 18:57:41 +00:00
Gerald Carter
4242eda183 merging some rpcclient and net functionality from HEAD
(This used to be commit 7a4c874842)
2003-01-15 17:22:48 +00:00
Gerald Carter
9eeab10e54 [merge]
* removed unused variable from rpcclient code
* added container option to net command (patch from SuSE)
* Makefile patch for examples/VFS from SuSE
(This used to be commit 25a9681ddd)
2003-01-15 16:10:57 +00:00
Gerald Carter
9c1b62c0fd merge of working dsrolegetprimdominfo() client code from APP_HEAD
(This used to be commit 028477e352)
2002-10-04 19:33:41 +00:00
Gerald Carter
36ef82a529 merge of new client side support the Win2k LSARPC UUID in rpcbind
from APP_HEAD
(This used to be commit 1cfd2ee433)
2002-10-04 04:10:23 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Jelmer Vernooij
64c53e819b sync 3.0 branch with HEAD
(This used to be commit 6497eb78e8)
2002-08-17 15:33:49 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Tim Potter
d9cfe0f3eb Merge of lsa lookup names/sids patch from HEAD.
(This used to be commit e57c162897)
2002-04-15 05:02:22 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Andrew Bartlett
ba8c1c6e45 Back out some of the less well thought out ideas from last weeks work on
winbind default domains, particulary now I understand whats going on a lot
better.  This ensures that the RPC client code does as little 'magic' as
possible - this is up to the application/user.  (Where - for to name->sid code
- it was all along).  This leaves the change that allows the sid->name code to
return domains and usernames in seperate paramaters.

Andrew Bartlett
(This used to be commit 5dfba2cf53)
2002-01-26 11:48:42 +00:00
Andrew Bartlett
84ce7ec0a4 Make a talloc'ed copy of this strings so we can pass the right kind of pointer
to the function.  This fixes a nice little segfault the brute-force-casting
created. :-)

Andrew Bartlett
(This used to be commit c84fa7f5fd)
2002-01-26 10:06:23 +00:00
Andrew Bartlett
93a8358910 This patch makes the 'winbind use default domain' code interact better with
smbd, and also makes it much cleaner inside winbindd.

It is mostly my code, with a few changes and testing performed by Alexander
Bokovoy <a.bokovoy@sam-solutions.net>.  ab has tested it in security=domain and
security=ads, but more testing is always appricatiated.

The idea is that we no longer cart around a 'domain\user' string, we keep them
seperate until the last moment - when we push that string into a pwent on onto
the socket.

This removes the need to be constantly parsing that string - the domain prefix
is almost always already provided, (only a couple of functions actually changed
arguments in all this).

Some consequential changes to the RPC client code, to stop it concatonating the
two strings (it now passes them both back as params).

I havn't changed the cache code, however the usernames will no longer have a
double domain prefix in the key string.  The actual structures are unchanged
 - but the meaning of 'username' in the 'rid' will have changed.  (The cache is
invalidated at startup, so on-disk formats are not an issue here).

Andrew Bartlett
(This used to be commit e870f0e727)
2002-01-20 01:24:59 +00:00
Tim Potter
44d423419a Grr - people who put const everywhere should fix up all the warnings they
generate.
(This used to be commit d1ebd259c8)
2001-12-11 02:23:14 +00:00
Tim Potter
b872787f01 Doing some research into ACLs on the LSA and SAM policy objects.
- added lsaquerysecobj to rpcclient
 - renamed querysecobj to samquerysecobj
 - removed duplicated display_sec_acl() code from cmd_spoolss.c and
   cmd_samr.c and moved it into display_sec.c
(This used to be commit 59b2e3f408)
2001-12-11 02:17:26 +00:00
Andrew Tridgell
ad2974cd05 added "net join" command
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee90)
2001-11-24 14:16:41 +00:00
Jean-François Micouleau
ca477a61e7 added lsaenumprivsaccount and lsalookupprivvalue to rpcclient
and more to come ...

	J.F.
(This used to be commit 1748d5a2af)
2001-11-24 00:13:41 +00:00
Jean-François Micouleau
fbfd27a495 added lsa_enum_sids to rpcclient
fixed lsa_enum_rpivs server code. This time it works as W2K.
fixed smbgroupedit to compile and work.

	J.F.
(This used to be commit 646651018a)
2001-11-22 23:50:16 +00:00
Jean-François Micouleau
33e20222e0 add another command to rpcclient: getdispname. Show the full description
of a privilege.

	J.F.
(This used to be commit 84035ae72f)
2001-11-22 16:54:48 +00:00
Jean-François Micouleau
2e8ae88785 add a command to rpcclient: enumprivs
J.F.
(This used to be commit fa63cb78e3)
2001-11-22 16:12:43 +00:00