1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

372 Commits

Author SHA1 Message Date
Gerald Carter
5693e6c599 r17798: Beginnings of a standalone libaddns library released under
the LGPL.   Original code by Krishna Ganugapati <krishnag@centeris.com>.
Additional work by me.

It's still got some warts, but non-secure updates do
currently work.  There are at least four things left to
really clean up.

1. Change the memory management to use talloc() rather than
   malloc() and cleanup the leaks.
2. Fix the error code reporting (see initial changes to
   dnserr.h)
3. Fix the secure updates
4. Define a public interface in addns.h
5. Move the code in libads/dns.c into the libaddns/ directory
   (and under the LGPL).

A few notes:

* Enable the new code by compiling with --with-dnsupdate
* Also adds the command 'net ads dns register'
* Requires -luuid (included in the e2fsprogs-devel package).
* Has only been tested on Linux platforms so there may be portability
  issues.
(This used to be commit 36f04674ae)
2007-10-10 11:38:48 -05:00
Volker Lendecke
c804dd0117 r17551: Move some DEBUG to d_printf in interactive functions and return
NO_LOGON_SERVERS if no domain controller was found.

Thanks to Michael Adam <ma@sernet.de>.

Volker
(This used to be commit d44599de3a)
2007-10-10 11:38:38 -05:00
Volker Lendecke
b757699e8b r17536: Add a debug message citing the reason why an LDAP connection failed, inspired
by Christian M Ambach <CAMBACH1@de.ibm.com>.

Volker
(This used to be commit cf7c83d462)
2007-10-10 11:38:37 -05:00
Volker Lendecke
7c94b93af6 r17535: Reformatting, this had many tabs instead of ^$
(This used to be commit 0f483cf66c)
2007-10-10 11:38:37 -05:00
Volker Lendecke
846e939260 r17089: Fix a possible null dereference and some memleaks.
Jerry, please check.

Thanks,

Volker
(This used to be commit b87c495221)
2007-10-10 11:38:11 -05:00
Gerald Carter
060b155cd2 r16952: New derive DES salt code and Krb5 keytab generation
Major points of interest:

* Figure the DES salt based on the domain functional level
  and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
  keys
* Remove all the case permutations in the keytab entry
  generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
  in AD

The resulting keytab looks like:

ktutil:  list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   2    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   3    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   4    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   5    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   6    6           host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   7    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   8    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   9    6               suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)

The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value.  The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.

Tested keytab using mod_auth_krb and MIT's telnet.  ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
(This used to be commit 6261dd3c67)
2007-10-10 11:19:15 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Günther Deschner
7048040be8 r16862: Reverting accidential changes in ads_try_connect() from previous commit.
Guenther
(This used to be commit 6257f9af93)
2007-10-10 11:19:12 -05:00
Günther Deschner
f3e71c6072 r16861: Fixing crash bug when passing no domain/realm name to the CLDAP request.
Guenther
(This used to be commit 863aeb621a)
2007-10-10 11:19:11 -05:00
Günther Deschner
67d8c7432f r16836: When receiving a CLDAP reply make sure that we always store the correct
netbios domain name in server affinity cache.

Guenther
(This used to be commit 08958411ee)
2007-10-10 11:19:11 -05:00
Jeremy Allison
8f0ea257b6 r16685: Fix bug #3901 reported by jason@ncac.gwu.edu.
Jeremy.
(This used to be commit d48655d9c0)
2007-10-10 11:19:07 -05:00
Volker Lendecke
8961048d24 r16339: Fix Klocwork ID
277 278     (cmd_*)

485 487 488 (ldap.c)

Volker
(This used to be commit 5b1eba76b3)
2007-10-10 11:17:36 -05:00
Jeremy Allison
d730df0493 r16324: Klocwork #499. Allways check results from alloc.
Jeremy.
(This used to be commit 2b69d436da)
2007-10-10 11:17:33 -05:00
Jeremy Allison
be6fd76436 r16322: Klocwork #481., Don't deref null on malloc fail.
Jeremy.
(This used to be commit dd31f3fc0e)
2007-10-10 11:17:33 -05:00
Günther Deschner
1628d33ba0 r16190: Fix more memleaks.
Guenther
(This used to be commit dfebcc8e19)
2007-10-10 11:17:23 -05:00
Günther Deschner
97f496a0e3 r16117: Make winbindd work again in security=ads.
We still used the old HOST/* UPN to get e.g. users, now we need
samaccountname$@REA.LM.

Guenther
(This used to be commit f6516a799a)
2007-10-10 11:17:21 -05:00
Lars Müller
ec3021dc3b r15822: Add suggestion made by Ralf Haferkamp.
(This used to be commit 7c375fd540)
2007-10-10 11:17:10 -05:00
Gerald Carter
463e7c1171 r15701: change 'net ads leave' to disable the machine account in the domain (since removal implies greater permissions that Windows clients require)
(This used to be commit ad1f947625)
2007-10-10 11:17:08 -05:00
Günther Deschner
c60e96c392 r15698: An attempt to make the winbind lookup_usergroups() call in security=ads
more scalable:

The most efficient way is to use the "tokenGroups" attribute which gives
the nested group membership. As this attribute can not always be
retrieved when binding with the machine account (the only garanteed way
to get the tokenGroups I could find is when the machine account is a
member of the "Pre Win2k Access" builtin group).

Our current fallback when "tokenGroups" failed is looking for all groups
where the userdn was in the "member" attribute. This behaves not very
well in very large AD domains.

The patch first tries the "memberOf" attribute on the user's dn in that
case and directly retrieves the group's sids by using the LDAP Extended
DN control from the user's object.

The way to pass down the control to the ldap search call is rather
painfull and probably will be rearranged later on.

Successfully tested on win2k sp0, win2k sp4, wink3 sp1 and win2k3 r2.

Guenther
(This used to be commit 7d766b5505)
2007-10-10 11:17:08 -05:00
Günther Deschner
39c45ce4f1 r15697: I take no comments as no objections :)
Expand the "winbind nss info" to also take "rfc2307" to support the
plain posix attributes LDAP schema from win2k3-r2.

This work is based on patches from Howard Wilkinson and Bob Gautier
(and closes bug #3345).

Guenther
(This used to be commit 52423e01dc)
2007-10-10 11:17:08 -05:00
Günther Deschner
e129dc40f7 r15696: Free LDAP search result.
Guenther
(This used to be commit ec26c355b3)
2007-10-10 11:17:07 -05:00
Volker Lendecke
c290d34985 r15635: Fix a bogus gcc uninit variable message
(This used to be commit 53f7104b4f)
2007-10-10 11:17:04 -05:00
Gerald Carter
f1039b8fb4 r15560: Since the hotel doesn't have Sci-Fi and no "Doctor Who"....
Re-add the capability to specify an OU in which to create
the machine account.  Done via LDAP prior to the RPC join.
(This used to be commit b69ac0e304)
2007-10-10 11:17:01 -05:00
Gerald Carter
2c029a8b96 r15543: New implementation of 'net ads join' to be more like Windows XP.
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.

The points of interest are

* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
  ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
  libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
  using the machine account after the join

Thanks to Guenther and Simo for the review.

Still to do:

* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
  'kinit -k' (although we might be able to just use the sAMAccountName
  instead)
* Re-add support for pre-creating the machine account in
  a specific OU
(This used to be commit 4c4ea7b20f)
2007-10-10 11:16:57 -05:00
Günther Deschner
3bff11407e r15461: Free LDAP result in ads_get_attrname_by_oid().
Guenther
(This used to be commit f4af888282)
2007-10-10 11:16:49 -05:00
Günther Deschner
b86c19795a r15250: dump some more sids.
Guenther
(This used to be commit 2922c7f570)
2007-10-10 11:16:30 -05:00
Jim McDonough
92f139d4c4 r14931: Fix #1374: can't join an OU with name that contains '#'
I had to eliminate "\" as an OU path separator, because it is the escape
char in LDAP.  We still accept "/", but using the escape char is just
not a good choice.
(This used to be commit 1953f63903)
2007-10-10 11:15:54 -05:00
Jim McDonough
06f7ee5d4b r14252: Fix Coverity #72: free alloc'ed storage before return. Also found one
more that coverity didn't find from asprintf.
(This used to be commit 37b6e2c8de)
2007-10-10 11:15:21 -05:00
Jeremy Allison
acf0c6fb66 r14118: Fix coverity bug #24. Missing return statement meant
a possible NULL ptr deref.
Jeremy.
(This used to be commit 78ac3f9cbd)
2007-10-10 11:11:13 -05:00
Günther Deschner
3432273ab0 r13965: Make sure we always reset the userAccountControl bits when re-joining
with an existing account.

Guenther
(This used to be commit e4c12ab167)
2007-10-10 11:11:01 -05:00
Volker Lendecke
c2288e6db3 r13951: Fix Coverity Bug #163.
This code was not used anyway :-)

Volker
(This used to be commit bbfb205693)
2007-10-10 11:11:01 -05:00
Günther Deschner
379bd6865f r13657: Let winbindd try to obtain the gecos field from the msSFU30Gecos
attribute when "winbind nss info = sfu" is set. Fixes #3539.

Guenther
(This used to be commit ffce0461de)
2007-10-10 11:10:21 -05:00
Günther Deschner
c1ffb8d9bc r13410: Dump a netbootGUID as a GUID.
Guenther
(This used to be commit 9b19a68456)
2007-10-10 11:09:59 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Gerald Carter
855e02f164 r13310: first round of server affinity patches for winbindd & net ads join
(This used to be commit 6c3480f9ae)
2007-10-10 11:06:23 -05:00
James Peach
92092cbcdc r12878: Don't use non-static array initialisers.
(This used to be commit 95b231f028)
2007-10-10 11:06:05 -05:00
Gerald Carter
3f6d9a7b9d r12196: patch from Krishna Ganugapati <krishnag@centeris.com>
Use the subtree delete ldap control when running 'net ads leave'
to ensure that the machine account is actually deleted.
(This used to be commit e96000c16c)
2007-10-10 11:05:49 -05:00
Jeremy Allison
d1f91f7c72 r12043: It's amazing the warnings you find when compiling on a 64-bit
box with gcc4 and -O6...
Fix a bunch of C99 dereferencing type-punned pointer will break
strict-aliasing rules errors. Also added prs_int32 (not uint32...)
as it's needed in one place. Find places where prs_uint32 was being
used to marshall/unmarshall a time_t (a big no no on 64-bits).
More warning fixes to come.
Thanks to Volker for nudging me to compile like this.
Jeremy.
(This used to be commit c65b752604)
2007-10-10 11:05:42 -05:00
Günther Deschner
f6b8327fac r11875: Allow to use START_TLS (by manually setting "ldap ssl = start_tls") for
LDAP connections to ADS (Windows 2003).

Guenther
(This used to be commit 95543fab0f)
2007-10-10 11:05:33 -05:00
Gerald Carter
ac331c48db r11863: BUG 3196: patch from Alex Deiter <tiamat@komi.mts.ru> to compile against the Sun LDAP client libs. But not for AD support; just ldap support
(This used to be commit a33e78aced)
2007-10-10 11:05:31 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Günther Deschner
065d7e82a7 r8048: Replace "done" with "failed".
Guenther
(This used to be commit 7285edc4fe)
2007-10-10 10:58:09 -05:00
Volker Lendecke
3f11139bf3 r8047: "oid" is defined in a heimdal header. With my gcc this generates a ton of
shadowed variable warnings. Fix that.

Volker
(This used to be commit 3846c0afa1)
2007-10-10 10:58:09 -05:00
Günther Deschner
2e7f22e833 r7994: This adds support in Winbindd's "security = ads"-mode to retrieve the POSIX
homedirectory and the loginshell from Active Directory's "Services for Unix".

Enable it with:

        winbind sfu support = yes

User-Accounts without SFU-Unix-Attributes will be assigned template-based
Shells and Homedirs as before.

Note that it doesn't matter which version of Services for Unix you use (2.0,
2.2, 3.0 or 3.5). Samba should detect the correct attributes (msSFULoginShell,
msSFU30LoginShell, etc.) automatically.

If you also want to share the same uid/gid-space as SFU then also use PADL's
ad-idmap-Plugin:

        idmap backend = ad

When using the idmap-plugin only those accounts will appear in Name Service
Switch that have those UNIX-attributes which avoids potential uid/gid-space
clashes between SFU-ids and automatically assigned idmap-ids.

Guenther
(This used to be commit 28b5969942)
2007-10-10 10:58:07 -05:00
Jeremy Allison
7b9d6ac23e r6595: This is Volkers new-talloc patch. Just got the go-ahead from
Volker to commit. Woo Hoo !
Jeremy.
(This used to be commit 316df944a4)
2007-10-10 10:56:46 -05:00
Derrell Lipman
9840db418b r6149: Fixes bugs #2498 and 2484.
1. using smbc_getxattr() et al, one may now request all access control
   entities in the ACL without getting all other NT attributes.
2. added the ability to exclude specified attributes from the result set
   provided by smbc_getxattr() et al, when requesting all attributes,
   all NT attributes, or all DOS attributes.
3. eliminated all compiler warnings, including when --enable-developer
   compiler flags are in use.  removed -Wcast-qual flag from list, as that
   is specifically to force warnings in the case of casting away qualifiers.

Note: In the process of eliminating compiler warnings, a few nasties were
      discovered.  In the file libads/sasl.c, PRIVATE kerberos interfaces
      are being used; and in libsmb/clikrb5.c, both PRIAVE and DEPRECATED
      kerberos interfaces are being used.  Someone who knows kerberos
      should look at these and determine if there is an alternate method
      of accomplishing the task.
(This used to be commit 994694f7f2)
2007-10-10 10:56:24 -05:00
Gerald Carter
73d1950c01 r5956: more compile warngin fixes from the Mr. Mader
(This used to be commit f3f315b14d)
2007-10-10 10:56:11 -05:00
Gerald Carter
40295c41db r5948: more compile cleanups from Jason Mader
(This used to be commit cc6c769c3c)
2007-10-10 10:56:10 -05:00
Gerald Carter
a309fed583 r5336: BUG 2329: fix to re-enable winbindd to locate DC's when 'disable netbios = yes'
(This used to be commit 75a223f118)
2007-10-10 10:55:38 -05:00
Gerald Carter
44be949f28 r5207: patches from Jay Fenlason @ RedHat (scooped from their Fedora packages)
(This used to be commit 9019a84361)
2007-10-10 10:55:33 -05:00
Jeremy Allison
d16a5c4381 r4665: Fix inspired by posting from Joe Meadows <jameadows@webopolis.com>.
Make all LDAP timeouts consistent.
Jeremy.
(This used to be commit 0f0281c234)
2007-10-10 10:53:50 -05:00
Jeremy Allison
883874c562 r4346: Fix cut-and-paste error - bugid #2189. Fixed by Buck Huppmann <buckh@pobox.com>
Jeremy.
(This used to be commit 5c22cb082c)
2007-10-10 10:53:45 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Volker Lendecke
0bd9bc6eca r3841: Time out in ads search queries. Even AD servers can hang.
Volker
(This used to be commit fc454c8ef6)
2007-10-10 10:53:20 -05:00
Jeremy Allison
aad0bc6c37 r3764: Ensure on failure that *res is always NULL.
Check for malloc fail. Fixes for bug #2036.
Jeremy.
(This used to be commit b815247747)
2007-10-10 10:53:17 -05:00
Jeremy Allison
d4a46dec34 r3569: Fix for bug #1651, added extra servicePrincipalNames for kerberos interop.
Modified the redhat patch some...
Jeremy.
(This used to be commit 2ae717cd2c)
2007-10-10 10:53:10 -05:00
Jeremy Allison
f8345c1b18 r3273: Ensure we're consistent in the use of strchr_m for '@'.
Jeremy.
(This used to be commit 0f3f7b035b)
2007-10-10 10:53:03 -05:00
Günther Deschner
132879b285 r2832: Readd WKGUID-binding to match the correct default-locations of new
User-, Group- and Machine-Accounts in Active Directory (this got lost
during the last trunk-merge).

This way we match e.g. default containers moved by redircmp.exe and
redirusr.exe in Windows 2003 and don't blindly default to cn=Users or
cn=Computers.

Further wkguids can be examied via "net ads search wellknownobjects=*".
This should still keep a samba3-client joining a samba4 dc. Fixes
Bugzilla #1343.

Guenther
(This used to be commit 8836621694)
2007-10-10 10:52:54 -05:00
Gerald Carter
725d939548 r2091: only use sAMAccountName and not userPrincipalName since the breaks winbindd (lookup_name() only works with the sAMAccountName) -- *please* test this change. My tests all pass but there is probably something I missed
(This used to be commit 2bf08aaa37)
2007-10-10 10:52:31 -05:00
Gerald Carter
02001dfb6c r1381: fixing behavior found by gd@sernet.de; we must use the userPrincipalName value (host/hostname@REALM) and not the servicePrincipalName (host/fqdn@REALM) in the SASL binds
(This used to be commit 959da6e176)
2007-10-10 10:52:09 -05:00
Volker Lendecke
6c1baa6f4c r1330: Fix the build for systems without ldap headers
(This used to be commit b7267121af)
2007-10-10 10:52:07 -05:00
Jeremy Allison
569177a194 r1317: Patch from Joe Meadows "Joe Meadows" <jameadows@webopolis.com> to
add a timeout to the ldap open calls. New parameter, ldap timeout
added.
Jeremy.
(This used to be commit e5b3094c4c)
2007-10-10 10:52:06 -05:00
Jeremy Allison
7825677b86 r1222: Valgrind memory leak fixes. Still tracking down a strange one...
Can't fix the krb5 memory leaks inside that library :-(.
Jeremy.
(This used to be commit ad440213aa)
2007-10-10 10:52:00 -05:00
Jeremy Allison
e948458a79 r1215: Intermediate checkin of the new keytab code. I need to make sure I
haven't broken krb5 ticket verification in the mainline code path,
also need to check with valgrind. Everything now compiles (MIT, need
to also check Heimdal) and the "net keytab" utility code will follow.
Jeremy.
(This used to be commit f0f2e28958)
2007-10-10 10:52:00 -05:00
Jeremy Allison
05bc327990 r764: More memleak fixes in error code path from kawasa_r@itg.hitachi.co.jp.
Jeremy.
(This used to be commit 9647394e7c)
2007-10-10 10:51:37 -05:00
Jeremy Allison
a442c65e59 r562: Memory leak fix in error code path from kawasa_r@itg.hitachi.co.jp.
Jeremy.
(This used to be commit ac501348f4)
2007-10-10 10:51:29 -05:00
Gerald Carter
8ad3d8c9b0 r196: merging struct uuid from trunk
(This used to be commit 911a28361b)
2007-10-10 10:51:13 -05:00
Andrew Bartlett
d57d2d0897 Bug found by gd - the new range-reterival code did still had 'member'
hardcoded into it.

This didn't matter, as we only use it for 'member' so far...

Andrew Bartlett
(This used to be commit 8621899112)
2004-02-08 00:31:36 +00:00
Andrew Bartlett
e4f8914c3f Try to keep vl happy - shorten some of these lines.
(This used to be commit 3a4c56e4c6)
2004-01-05 12:20:15 +00:00
Andrew Bartlett
685e0cbeb8 Fix for bug 707, getent group for huge ads groups (>1500 members)
This introduces range retrieval of ADS attributes.

VL rewrote most of Gnther's patch, partly to remove code duplication and
partly to get the retrieval of members in one rush, not interrupted by the
lookups for the DN.

I rewrote that patch, to ensure that we can keep an eye on the USN
(sequence number) of the entry - this allows us to ensure the read was
atomic.

In particular, the range retrieval is now generic, for strings.  It
could easily be made generic for any attribute type, if need be.

Andrew Bartlett
(This used to be commit 131bb928f1)
2004-01-05 01:48:21 +00:00
Volker Lendecke
9f662094af After talking with abartlet remove the fix for bug 707 again.
Volker
(This used to be commit 0c8ee04c78)
2004-01-01 21:10:35 +00:00
Volker Lendecke
31ff56fd3e Fix for bug 707, getent group for huge ads groups (>1500 members)
This introduces range retrieval of ADS attributes.

I've rewritten most of Gnther's patch, partly to remove code duplication and
partly to get the retrieval of members in one rush, not interrupted by the
lookups for the DN.

Andrew, you told me that you would like to see a check whether the AD sequence
number is the same before and after the retrieval to achieve atomicity. This
would be trivial to add, but I'm not sure that we want this, as this adds two
roundtrips to every membership query. We can not know before the first query
whether we get additional range values, and at that point it's too late to ask
for the USN.

Tested with a group of 4000 members along with lots of small groups.

Volker
(This used to be commit 9d8235bf41)
2004-01-01 20:30:50 +00:00
Andrew Bartlett
5eee23cc64 auth/auth_util.c:
- Fill in the 'backup' idea of a domain, if the DC didn't supply one.  This
   doesn't seem to occour in reality, hence why we missed the typo.

lib/charcnv.c:
lib/smbldap.c:
libads/ldap.c:
libsmb/libsmbclient.c:
printing/nt_printing.c:
 - all the callers to pull_utf8_allocate() pass a char ** as the first
   parammeter, so don't make them all cast it to a void **

nsswitch/winbind_util.c:
 - Allow for a more 'correct' view of when usernames should be qualified
   in winbindd.  If we are a PDC, or have 'winbind trusted domains only',
   then for the authentication returns stip the domain portion.
 - Fix valgrind warning about use of free()ed name when looking up our
   local domain.  lp_workgroup() is maniplated inside a procedure that
   uses it's former value.  Instead, use the fact that our local domain is
   always the first in the list.

Andrew Bartlett
(This used to be commit 494781f628)
2003-12-31 00:31:43 +00:00
Jeremy Allison
ec83590024 Fix from ndb@theghet.to to allow an existing LDAP machine account to be
re-used, rather than created from scratch.
Jeremy.
(This used to be commit 6d46e66ac2)
2003-12-13 01:43:54 +00:00
Volker Lendecke
203710ea6d Get rid of a const warning
Volker
(This used to be commit 94860687c5)
2003-11-26 09:58:41 +00:00
Jeremy Allison
bb0598faf5 Put strcasecmp/strncasecmp on the banned list (except for needed calls
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb92)
2003-10-22 23:38:20 +00:00
Gerald Carter
48958b0105 don't call ads_destroy() twice; fixes segfault in winbindd when DC goes down; bug 437
(This used to be commit 1cfbd92404)
2003-10-03 21:43:09 +00:00
Jeremy Allison
ca1c6ebb11 Fix a nasty mess, and also bug #296. passdb/pdb_ldap.c was not converting
to/from utf8 for some calls. The libads code gets this right. Wonder why
the passdb code doesn't use it ?
Jeremy.
(This used to be commit 910d21d316)
2003-09-10 22:33:06 +00:00
Gerald Carter
d5bef211d0 revert retry loops in winbindd_ads as abartket points out, we
already have ads_search_retry() for this.  However, neither
domain_sid() nor sequence_nunber() used this function.  So modify
them to us ads_do_search_retry() so we can specify the base search
DN and scope.
(This used to be commit 89f6adf830)
2003-09-06 18:02:19 +00:00
Gerald Carter
8bfe26b62d metze's autogenerate patch for version.h
(This used to be commit ae452e51b0)
2003-08-20 17:13:38 +00:00
Jim McDonough
9f2e6167d2 Update my copyrights according to my agreement with IBM
(This used to be commit c9b209be2b)
2003-08-01 15:21:20 +00:00
Gerald Carter
0d087e3ba2 working on transtive trusts issue:
* use DsEnumerateDomainTrusts() instead of LDAP search.
    wbinfo -m now lists all trusted downlevel domains and
    all domains in the forest.

Thnigs to do:

  o Look at Krb5 connection trusted domains
  o make sure to initial the trusted domain cache as soon
    as possible
(This used to be commit 0ab00ccaed)
2003-07-31 05:43:47 +00:00
Gerald Carter
c916e5e390 fix case where no realm or workgroup means to use our own
(This used to be commit 6edc7e0a74)
2003-07-25 16:42:34 +00:00
Gerald Carter
3a00cedc01 connect to the right realm or domain for trusted AD domains
(This used to be commit 83376671c5)
2003-07-23 19:58:01 +00:00
Tim Potter
b5cd4a8643 Call the synchronous version of the ldap delete function otherwise we end up
treating the returned message id as an error code.
(This used to be commit 42fdcef324)
2003-07-07 02:50:09 +00:00
Jeremy Allison
ce72beb2b5 Removed strupper/strlower macros that automatically map to strupper_m/strlower_m.
I really want people to think about when they're using multibyte strings.
Jeremy.
(This used to be commit ff222716a0)
2003-07-03 19:11:31 +00:00
Tim Potter
40ece6552d Fix bug in doxygen comments for ads search functions.
(This used to be commit ae6c05ea72)
2003-07-03 04:12:54 +00:00
Gerald Carter
72876b79c9 * fix typos in a few debug statements
* check negative connection cache before ads_try_connect()
  in ads_find_dc()
(This used to be commit 2a76101a3a)
2003-06-25 19:00:15 +00:00
Gerald Carter
f51d769dd3 large change:
*)  consolidates the dc location routines again (dns
    and netbios)  get_dc_list() or get_sorted_dc_list()
    is the authoritative means of locating DC's again.

    (also inludes a flag to get_dc_list() to define
     if this should be a DNS only lookup or not)

    (however, if you set "name resolve order = hosts wins"
     you could still get DNS queries for domain name IFF
     ldap_domain2hostlist() fails.  The answer?  Fix your DNS
     setup)

*)  enabled DOMAIN<0x1c> lookups to be funneled through
    resolve_hosts resulting in a call to ldap_domain2hostlist()
    if lp_security() == SEC_ADS

*)  enables name cache for winbind ADS backend

*)  enable the negative connection cache for winbind
    ADS backend

*)  removes some old dead code

*)  consolidates some duplicate code

*)  moves the internal_name_resolve() to use an IP/port pair
    to deal with SRV RR dns replies.  The namecache code
    also supports the IP:port syntax now as well.

*)  removes 'ads server' and moves the functionality back
    into 'password server' (which can support "hostname:port"
    syntax now but works fine with defaults depending on
    the value of lp_security())
(This used to be commit d7f7fcda42)
2003-06-25 17:41:05 +00:00
Gerald Carter
f36c96d59c * s/get_dc_name/rpc_dc_name/g (revert a previous change)
* move back to qsort() for sorting IP address in get_dc_list()

* remove dc_name_cache in cm_get_dc_name() since it slowed
  things down more than it helped.  I've made a note of where
  to add in the negative connection cache in the ads code.
  Will come back to that.

* fix rpcclient to use PRINTER_ALL_ACCESS for set printer (instead
  of MAX_ALLOWED)

* only enumerate domain local groups in our domain

* simplify ldap search for seqnum in winbindd's rpc backend
(This used to be commit f8cab8635b)
2003-06-23 19:05:23 +00:00
Andrew Tridgell
ec0303820f we need to call ads_first_entry() before using a ldap result,
otherwise we can segv or return garbage
(This used to be commit d1316656b0)
2003-06-16 02:42:00 +00:00
Tim Potter
0a9396dcca Rename some uuid functions so as not to conflict with system
versions.  Fixes bug #154.
(This used to be commit 986eae40f7)
2003-06-13 04:35:53 +00:00
Andrew Bartlett
f071020f5e Merge from HEAD - save the type of channel used to contact the DC.
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.

This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.

Andrew Bartlett
(This used to be commit 876e00fd11)
2003-04-21 14:09:03 +00:00
Jelmer Vernooij
f7792732e6 Change variable name to get this working on gcc 3.2 (Merge from HEAD)
(This used to be commit d49113caef)
2003-04-15 17:06:51 +00:00
Andrew Bartlett
aa4bfd4711 merge from HEAD - dump tokenGroups as sids.
(This used to be commit f0daa15521)
2003-03-17 22:41:14 +00:00
Andrew Bartlett
a65b65c87a Make sure these values are never uninitialsised.
(This used to be commit eacb8dde7a)
2003-02-24 03:43:49 +00:00
Andrew Bartlett
d1221c9b6c Merge from HEAD client-side authentication changes:
- new kerberos code, allowing the account to change it's own password
   without special SD settings required
 - NTLMSSP client code, now seperated from cliconnect.c
 - NTLMv2 client code
 - SMB signing fixes

Andrew Bartlett
(This used to be commit 837680ca51)
2003-02-24 02:55:00 +00:00
Jim McDonough
4560329abb Fix segv in net ads join...an extra & was the culprit
(This used to be commit 1a9050a6fe)
2003-02-19 15:04:04 +00:00
Andrew Bartlett
251ea1e677 Merge minor library fixes from HEAD to 3.0.
- setenv() replacement
 - mimir's ASN1/SPNEGO typo fixes
 - (size_t)-1 fixes for push_* returns
 - function argument signed/unsigned correction
 - ASN1 error handling (ensure we don't use initiailsed data)
 - extra net ads join error checking
 - allow 'set security discriptor' to fail
 - escape ldap strings in libads.
 - getgrouplist() correctness fixes (include primary gid)

Andrew Bartlett
(This used to be commit e9d6e2ea9a)
2003-02-19 12:31:16 +00:00
Jeremy Allison
8fc1f1aead Ensure that only parse_prs.c access internal members of the prs_struct.
Needed to move to disk based i/o later.
Jeremy.
(This used to be commit a823fee5b4)
2003-02-14 22:55:46 +00:00
Jeremy Allison
abbbaa2f6f Merging from HEAD - add a note about a better method for finding netbios name of workgroup
(not implemented yet)
Jeremy.
(This used to be commit c0eab99753)
2003-02-12 01:07:48 +00:00
Jeremy Allison
eccae5d23a Mem alloc checks.
Jeremy.
(This used to be commit 46ea028169)
2003-02-04 23:44:28 +00:00
Andrew Bartlett
963e88aa90 Merge LDAP filter parinoia from HEAD, a few other pdb_ldap updates and some
misc libads fixes.

Andrew Bartlett
(This used to be commit 9c3a1710ef)
2003-02-01 07:59:29 +00:00
Gerald Carter
8308ec6979 sanity checks from Ken Cross
(This used to be commit 9f35846b8e)
2003-01-21 01:21:33 +00:00
Andrew Bartlett
634c54310c Merge from HEAD - make Samba compile with -Wwrite-strings without additional
warnings.  (Adds a lot of const).

Andrew Bartlett
(This used to be commit 3a7458f947)
2003-01-03 08:28:12 +00:00
Jeremy Allison
64501e44ee Catching up with old patches. Add define for VERITAS quota support.
Check return in ldap.
Jeremy.
(This used to be commit 66eff26fc9)
2002-12-30 23:55:53 +00:00
Jeremy Allison
ef8bd7c4f7 Forward port the change to talloc_init() to make all talloc contexts
named. Ensure we can query them.
Jeremy.
(This used to be commit 09a218a9f6)
2002-12-20 20:21:31 +00:00
Jim McDonough
81a2a30739 More printer publishing code.
- Add published attribute to info2, needed for win clients to work properly
- Return proper info on getprinter 7

This means you can now look at the sharing tab of a printer and get correct
info about whether it is published or not, and change it.
(This used to be commit d57bddc9b2)
2002-12-13 19:01:27 +00:00
Gerald Carter
3ab6fcc5c6 [merge from APP_HEAD]
90% fix for CR 1076.  The password server parameter will no take things
like

        password server = DC1 *

which means to contact DC1 first and the go to auto lookup if it
fails.


jerry
(This used to be commit 016ef8b36b)
2002-11-23 14:52:34 +00:00
Andrew Bartlett
c64d762997 Updates from HEAD:
- const for PACKS() in lanman.c
 - change auth to 'account before password'
 - add help to net rpc {vampire,samsync}
 - configure updates for sun workshop cc
 - become_root() around pdb_ calls in auth_util for guest login.

Andrew Bartlett
(This used to be commit 43e90eb6e3)
2002-11-15 21:43:57 +00:00
Jeremy Allison
2f194322d4 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit f755711df8)
2002-11-12 23:20:50 +00:00
Tim Potter
ab1cf8d1cf Merge of get_dc_list() api change from HEAD.
(This used to be commit 6ba7847ce2)
2002-11-06 05:14:15 +00:00
Jim McDonough
4a7c48aaf0 Merge from HEAD:
GUID formatting on ads dump
Allow rc4-hmac when available
.NET likes both forms of servicePrincipalName in machine account record
(This used to be commit 89e3a3da5d)
2002-10-29 14:47:11 +00:00
Gerald Carter
f2d1f19a66 syncing up with HEAD. Seems to be a lot of differences creeping in
(i ignored the new SAMBA stuff, but the rest of this looks like it should
have been merged already).
(This used to be commit 3de09e5cf1)
2002-10-01 18:26:00 +00:00
Gerald Carter
a834a73e34 sync'ing up for 3.0alpha20 release
(This used to be commit 65e7b5273b)
2002-09-25 15:19:00 +00:00
Jelmer Vernooij
b2edf254ed sync 3.0 branch with head
(This used to be commit 3928578b52)
2002-08-17 17:00:51 +00:00
Andrew Tridgell
e90b652848 updated the 3.0 branch from the head branch - ready for alpha18
(This used to be commit 03ac082dcb)
2002-07-15 10:35:28 +00:00
Jim McDonough
69f41523b3 A few more updates:
- Add doxygen comments
- remove server sort control (ms implementation was not reliable)
- rename ads_do_search_all2() to ads_do_search_all_fn()
(This used to be commit 7aa5fa6172)
2002-04-10 13:28:03 +00:00
Jim McDonough
40260fdaf9 Several updates to get server side sorting going:
- Added sort control to ads_do_paged_search.  It allows a char * to be passed
  as the sort key.  If NULL, no sort is done.
- fixed a bug in the processing of controls (loop wasn't incremented properly)
- Added ads_do_search_all2, which funs a function that is passed in against
  each entry.  No ldapmessage structures are returned.  Allows results to
  be processed as the come in on each page.

I'd like ads_do_search_all2 to replace ads_do_search_all, but there's some
work to be done in winbindd_ads.c first.

Also, perhaps now we can do async ldap searches?  Allow us to process a
page while the server retrieves the next one?
(This used to be commit 95bec4c8ba)
2002-04-05 19:26:52 +00:00
Jim McDonough
f21ccff91f Try harder next time to not duplicate function...take ads_err2string back
out since it's already in ads_errstr() in ads_status.c
(This used to be commit 0475126ffb)
2002-04-04 03:03:00 +00:00
Jim McDonough
417b1ce487 Add ads_err2string() function for generating error strings from an ADS_STATUS.
I've got the cases besides gssapi...anyone know how to get those?
(This used to be commit c937e13522)
2002-04-04 02:49:30 +00:00
Jim McDonough
2ed1dfcf4e Added ads_process_results(), which takes a function that is called for each
entry returned from a search, and applies it to the results.  Re-structured
ads_dump to use this, plus changed the ber_free in ads_dump from (b,1) to
(b,0), in accordance with openldap manpages.  Also allows proper free of
result using ldap_msgfree afterwards, so you can do something with the
results after an ads_dump.
(This used to be commit f01f02fc56)
2002-03-29 21:06:33 +00:00
Jim McDonough
90ada79bbf Whoops, left the paged control not critical in the paged search...kind of
defeats the purpose.
(This used to be commit 71806c49b3)
2002-03-27 03:09:50 +00:00
Jim McDonough
1a06eeb6da Add server control to prevent referrals in paged searches. This keeps
the scope limited to the domain at hand, and also keeps the openldap
libs happy, since they don't currently chase referrals and return
server controls properly at the same time.
(This used to be commit 2bebc8a391)
2002-03-27 02:58:58 +00:00
Andrew Tridgell
b462700e53 added a ads_do_search_all() call, which is a more convenient interface
to paged searches. This makes updating winbindd to used paged searches
trivial.
(This used to be commit 514c11b4e3)
2002-03-19 22:14:53 +00:00
Andrew Tridgell
f464ceb109 fixed paged controls on my box. The problem seems to be incorrect
referrals parsing in the openldap libs. By disabling referrals we get
valid controls back and the cookies work.
(This used to be commit 8bf487ddff)
2002-03-19 12:58:38 +00:00
Jim McDonough
0640a5ceeb This adds the Paged Result Control to ads searching. The new function, ads_do_paged_search, is the same as ads_do_search, but it also contains a count of records returned in this page, and a cookie for resuming, to be passed back. The cookie must start off NULL, and when it returns as NULL, the search is done.
(This used to be commit 9afba67f9a)
2002-03-14 17:48:26 +00:00
Andrew Tridgell
2001b83faa detect SIZELIMIT_EXCEEDED in ldap queries and truncate
the problem is, how the heck do we properly handle these? Jerry?

It seems that the Win2000 ADS server only returns a max of 1000 records!
(This used to be commit 9338964720)
2002-03-13 06:43:52 +00:00
Andrew Tridgell
bd3a6e6cc9 put in the ADS DNS hack, but commented out
(This used to be commit 3396a671c5)
2002-03-11 04:06:30 +00:00
Andrew Tridgell
cfbbf73677 yipee! Finally put in the patch from Alexey Kotovich
<a.kotovich@sam-solutions.net> that adds the security decsriptor code
for ADS workstation accounts

thanks for your patience Cat, and thanks to Andrew Bartlett for
extensive reviews and suggestions about this code.
(This used to be commit 6891393b5d)
2002-03-10 01:54:44 +00:00
Herb Lewis
23e6fc25e2 fix for IRIX compile error
(This used to be commit 2d620909f9)
2002-03-04 01:07:02 +00:00
Jim McDonough
9fc99e3c55 Fix LDAP modification operation. Cut and paste error: was LDAP_MOD_ADD, should be LDAP_MOD_REPLACE. Caught by Alexey Kotovich.
(This used to be commit be48a05ed9)
2002-02-13 15:00:39 +00:00
Jim McDonough
a346cfb467 talloc'ify ads modify functions. Also add more complete berval support.
(This used to be commit 1f186c60ad)
2002-02-12 18:22:33 +00:00
Jim McDonough
d2b65dcbff Add ability to extend ads modification list on the fly. Also add some malloc checks and return ADS_ERROR(LDAP_NO_MEMORY) if they fail.
(This used to be commit 81d76f05d8)
2002-02-11 15:47:02 +00:00
Andrew Tridgell
fb444a546e when a trusted domain is down an ADS server will return a success on a
get trusted domains query but leave the domain SID blank - we need to
fail the add of the trusted domain in winbindd in that case
(This used to be commit 24c7e7a384)
2002-02-07 02:44:37 +00:00
Jim McDonough
9aa88da9d5 Fix ldapmod list overrun check. Also better document and format ldap control for permissive modify.
(This used to be commit 01e7f7c3d9)
2002-02-06 02:28:46 +00:00
Jim McDonough
81b54940b7 merge in some changes from Alexey Kotovich. Return ADS_STATUS instead of BOOLs. Add support for bervals in mod lists. Also put undocumented AD ldap control in to allow modifications when an attribute does not yet exist.
(This used to be commit 1a2d27b21e)
2002-02-02 22:06:10 +00:00
Jim McDonough
bb8349735f Minor bug fixes, plus support to remove a printer. Commented out optional attributes until a method for checking for their existence is done.
(This used to be commit 538c19a698)
2002-02-02 02:04:01 +00:00
Jim McDonough
0c63216603 Fix build errors on non-ldap systems...change function parms from LDAPMod ** to void **
(This used to be commit 9467792843)
2002-02-01 17:13:39 +00:00
Jim McDonough
9e75e5c1f0 Add functions for modifying an entry in ADS. Needed for printer publishing.
(This used to be commit 3d8d8cef64)
2002-02-01 16:14:33 +00:00
Tim Potter
cd68afe312 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06)
2002-01-30 06:08:46 +00:00
Jim McDonough
de260eadf9 Enable net ads commands to use existing tickets if the user doesn't specify a username on the commandline. Also don't continue past the kinit if a password is entered and fails because existing tickets would be used, which may not be desired if the username was specified.
(This used to be commit 7e5d7dfa83)
2002-01-25 22:07:46 +00:00
Andrew Tridgell
9f85d4ad5f much better support for organisational units in ADS join
(This used to be commit 7e876057d5)
2002-01-16 02:22:30 +00:00
Andrew Bartlett
4acb3125cd Fix up 'net ads join' to delete and rejoin if the account already exists.
This fixes up a problem where a machine would join (or downgrade by trust
password change) to NT4 membership and not be able to regain full ADS
membership until a 'net ads leave'.

Andrew Bartlett
(This used to be commit ab8ff85f03)
2002-01-11 04:50:45 +00:00
Andrew Tridgell
9e0297b3ed added nTSecurityDescriptor field to host acct dump
(This used to be commit f383e19e09)
2002-01-03 11:59:33 +00:00
Andrew Bartlett
34037e2479 Make Samba compile on RH 6.2 again.
We now include the libber.h file if required, but currently we just don't use
ldap.  (I'll chase this up).

In the meantime, I've moved the ads_status code about, its now in its own file,
and has a couple of #ifdefs to allow smbd to link - becouse the lack of LDAP
caused HAVE_ADS to be undefined. (I hope its not too ugly).

Andrew Bartlett
(This used to be commit 14407c87e2)
2001-12-30 05:59:43 +00:00
Andrew Tridgell
401c7495ea added ads_domain_sid() function
(This used to be commit ff002a458a)
2001-12-20 23:35:14 +00:00
Andrew Tridgell
6c7e9dfb29 net ads password and net ads chostpass commands from Remus Koos
(This used to be commit 412e79c448)
2001-12-20 03:54:52 +00:00
Andrew Tridgell
1f31ace6cb much better ADS error handling system
(This used to be commit 05a90a2884)
2001-12-19 12:21:12 +00:00
Andrew Tridgell
a062e58d9e - added initial support for trusted domains in winbindd_ads
- gss error code patch from a.bokovoy@sam-solutions.net
- better sid dumping in ads_dump
- fixed help in wbinfo
(This used to be commit ee1c3e1f04)
2001-12-19 08:44:23 +00:00
Andrew Tridgell
48c45486e3 allow selection of the organisational unit when joining a realm
(This used to be commit f1231c2b54)
2001-12-17 11:16:22 +00:00
Andrew Tridgell
e051c2c430 make sid_binstring available without HAVE_ADS
(This used to be commit 4a6d297686)
2001-12-10 00:39:01 +00:00
Andrew Tridgell
35eb6be4ea fix a DEBUG() line
(This used to be commit 18da530293)
2001-12-08 12:00:27 +00:00
Andrew Tridgell
5d378a280f added internal sasl/gssapi code. This means we are no longer dependent on cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm
(This used to be commit 435fdf276a)
2001-12-08 11:18:56 +00:00
Andrew Tridgell
d412f66cd8 added a propoer kerberos_kinit_password call
contribution from remus@snapserver.com

thanks!
(This used to be commit 3ace8f1fcc)
2001-12-06 05:41:53 +00:00
Andrew Tridgell
410dfc917f fixed a minor password memory leak
(This used to be commit 5985d7e6ee)
2001-12-05 10:44:30 +00:00
Andrew Tridgell
8aa0a817c1 handle ldap server down better
(This used to be commit 0d85815c99)
2001-12-05 10:14:22 +00:00
Andrew Tridgell
9421ad4a7a added a REALLY gross hack into kerberos_kinit_password so that
winbindd can do a kinit
this will be removed once we have code that gets a tgt
and puts it in a place where cyrus-sasl can see it
(This used to be commit 7d94f1b736)
2001-12-05 09:46:53 +00:00
Andrew Tridgell
5d41807f4d added timeouts and retries to ldap operations
(This used to be commit 4f004eb54d)
2001-12-05 09:19:25 +00:00
Andrew Tridgell
addea9645d moved the sequence number fetch into the backend, and fetch the
sequence number via ldap when using ads
(This used to be commit 9a084f0bb9)
2001-12-05 07:52:44 +00:00
Andrew Tridgell
0799c44680 paranoia fixes in based ldap routines for potential memory leaks
(This used to be commit 13b933104e)
2001-12-05 07:35:57 +00:00
Andrew Tridgell
5f76385e70 more memory leak fixes
(This used to be commit eb6f0e91dd)
2001-12-05 06:26:56 +00:00
Andrew Tridgell
19c0459153 added functions that convert a ads binary blob to a string (for
searching on SID)
(This used to be commit 31d6d049b3)
2001-12-05 04:44:34 +00:00
Andrew Tridgell
3ec4a4def3 added ads_search_dn() and ads_pull_sids()
(This used to be commit bc83d55f44)
2001-12-04 12:08:16 +00:00
Andrew Tridgell
2285b99cb1 added a basic ADS backend to winbind. More work needed, but at
least basic operations work
(This used to be commit 88241cab98)
2001-12-03 06:04:18 +00:00
Andrew Bartlett
fe64484824 Make better use of the ads_init() function to get the kerberos relam etc.
This allows us to use automagically obtained values in future, and the value
from krb5.conf now.

Also fix mem leaks etc.

Andrew Bartlett
(This used to be commit 8f9ce71781)
2001-11-29 06:21:56 +00:00
Andrew Tridgell
eec9e8a052 fix a bunch of places where we can double-free a cli structure
(This used to be commit e2ba2383c9)
2001-11-28 03:56:30 +00:00
Andrew Tridgell
cb697dd72a added "net ads user" and "net ads group" commands
(This used to be commit f482583139)
2001-11-25 01:31:07 +00:00
Andrew Tridgell
3906f9dff6 added "net ads status" command
(This used to be commit ae0eabd04c)
2001-11-25 01:06:56 +00:00
Andrew Tridgell
f2e969268d better auto-selection of realm and ldap server
(This used to be commit 69d256af46)
2001-11-25 00:08:48 +00:00
Andrew Tridgell
ad2974cd05 added "net join" command
this completes the first stage of the smbd ADS support
(This used to be commit 058a5aee90)
2001-11-24 14:16:41 +00:00
Andrew Tridgell
6464bb0ae5 added the beginnings of ADS support in smbd
(This used to be commit c7f6116919)
2001-11-20 08:54:15 +00:00