1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

127 Commits

Author SHA1 Message Date
Volker Lendecke
a40df6f92d r22135: Check in most of Michael Adam's net conf utility. A good share of this patch
is moving functions around to fix some linker dependencies for the registry.

Michael, I've renamed your auth_utils2.c to token_utils.c.

Thanks!

Volker
(This used to be commit 9de16f25c1)
2007-10-10 12:19:16 -05:00
Volker Lendecke
f56da0890f r21831: Back out r21823 for a while, this is going into a bzr tree first.
Volker
(This used to be commit fd0ee6722d)
2007-10-10 12:18:37 -05:00
Volker Lendecke
aa6055debd r21823: Let secrets_store_machine_password() also store the account name. Not used
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.

Volker
(This used to be commit f94e5af72e)
2007-10-10 12:18:36 -05:00
Volker Lendecke
0d91334fe7 r21784: Replace smb_register_idle_event() with event_add_timed(). This fixes winbind
who did not run the idle events to drop ldap connections.

Volker
(This used to be commit af3308ce5a)
2007-10-10 12:18:33 -05:00
Simo Sorce
4225f9a4bd r20116: Start merging in the work done to create the new idmap subsystem.
Simo.
(This used to be commit 50cd8bffee)
2007-10-10 12:16:25 -05:00
Jeremy Allison
3da4607374 r19424: Protect against username == NULL
Jeremy.
(This used to be commit 78b14de27a)
2007-10-10 12:15:34 -05:00
Jeremy Allison
f58f146834 r19422: Doh ! Put the krb5 user@realm code in the right place.
Jeremy.
(This used to be commit a31bbbaee1)
2007-10-10 12:15:34 -05:00
Günther Deschner
9c160dd9a7 r17086: Re-add ability to contact remote domain controllers with the "net ads"
toolset.

In 3.0.23 all those commands have been limited to the DC of our primary
domain. Also distinguish calls that may go to remote DCs (search, info,
lookup, etc.) from those that should only go to our primary domain
(join, leave, etc.).

Guenther
(This used to be commit d573e64781)
2007-10-10 11:38:10 -05:00
Volker Lendecke
514af16de5 r17078: Ouch....
(This used to be commit 1d928f783a)
2007-10-10 11:38:10 -05:00
Volker Lendecke
95fd775e81 r17077: Activate RPC-SAMBA3-GETUSERNAME in the build farm
(This used to be commit 8c6088f2bd)
2007-10-10 11:38:10 -05:00
Jeremy Allison
fbdcf2663b r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
to do the upper layer directories but this is what
everyone is waiting for....

Jeremy.
(This used to be commit 9dafb7f48c)
2007-10-10 11:19:14 -05:00
Simo Sorce
c2ff57e326 r15971: Obey the manpage description and make changesecretpw accept a password via stdin
(This used to be commit 60d4aabc32)
2007-10-10 11:17:15 -05:00
Simo Sorce
5e8221d909 r15646: Implement an setdomainsid command as well
(This used to be commit 51df47c772)
2007-10-10 11:17:05 -05:00
Gerald Carter
2c029a8b96 r15543: New implementation of 'net ads join' to be more like Windows XP.
The motivating factor is to not require more privileges for
the user account than Windows does when joining a domain.

The points of interest are

* net_ads_join() uses same rpc mechanisms as net_rpc_join()
* Enable CLDAP queries for filling in the majority of the
  ADS_STRUCT->config information
* Remove ldap_initialized() from sam/idmap_ad.c and
  libads/ldap.c
* Remove some unnecessary fields from ADS_STRUCT
* Manually set the dNSHostName and servicePrincipalName attribute
  using the machine account after the join

Thanks to Guenther and Simo for the review.

Still to do:

* Fix the userAccountControl for DES only systems
* Set the userPrincipalName in order to support things like
  'kinit -k' (although we might be able to just use the sAMAccountName
  instead)
* Re-add support for pre-creating the machine account in
  a specific OU
(This used to be commit 4c4ea7b20f)
2007-10-10 11:16:57 -05:00
Volker Lendecke
10373355df r14098: Fix Coverity # 112
(This used to be commit 121a350b92)
2007-10-10 11:11:11 -05:00
Günther Deschner
105825cf5a r13861: Avoid "net rpc join" segfaulting when storing the servername in the
affinity cache.

Guenther
(This used to be commit b8c07babbd)
2007-10-10 11:10:57 -05:00
Gerald Carter
f351b9c6eb r13382: added server affinity cache stores for 'net rpc join' and trusted domain code
(This used to be commit 9eb743584d)
2007-10-10 11:09:57 -05:00
Gerald Carter
0af1500fc0 r13316: Let the carnage begin....
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed)
2007-10-10 11:06:23 -05:00
Derrell Lipman
9c15bd311d r13212: r12414@cabra: derrell | 2006-01-28 17:52:17 -0500
lp_load() could not be called multiple times to modify parameter settings based
 on reading from multiple configuration settings.  Each time, it initialized all
 of the settings back to their defaults before reading the specified
 configuration file.

 This patch adds a parameter to lp_load() specifying whether the settings should
 be initialized.  It does, however, still force the settings to be initialized
 the first time, even if the request was to not initialize them.  (Not doing so
 could wreak havoc due to uninitialized values.)
(This used to be commit f2a24de769)
2007-10-10 11:06:18 -05:00
Lars Müller
c42be9fd38 r12986: Use d_fprintf(stderr, ...) for any error message in net.
All 'usage' messages are still printed to stdout.

Fix some compiler warnings for system() calls where we didn't used the
return code.  Add appropriate error messages and return with the error
code we got from system() or NT_STATUS_UNSUCCESSFUL.
(This used to be commit f650e3bdaf)
2007-10-10 11:06:09 -05:00
Volker Lendecke
608aa3f41e r12544: Fix segfaults in winbind, smbpasswd and net
(This used to be commit 9ca8edc26e)
2007-10-10 11:05:59 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Günther Deschner
fefbaf2bca r8911: cosmetic fixes.
Guenther
(This used to be commit bf67a86114)
2007-10-10 11:00:19 -05:00
Volker Lendecke
aa3b0b190d r7998: Fix usage message
(This used to be commit 1e9a8854b1)
2007-10-10 10:58:08 -05:00
Volker Lendecke
9f4c0afa0a r6277: This implements a new caching API for enumerating the pdb elements. It is
modeled after query_displayinfo and should hide the differences between users,
groups and aliases while allowing a cache analog load_sampw_entries:

struct pdb_search *pdb_search_users(uint16 acct_flags);
struct pdb_search *pdb_search_groups(void);
struct pdb_search *pdb_search_aliases(const DOM_SID *sid);
uint32 pdb_search_entries(struct pdb_search *search, uint32 start_idx,
                          uint32 max_entries,
                          struct samr_displayentry **result);
void pdb_search_destroy(struct pdb_search *search);

Why this API? Eventually we will need to apply the work gd has started on
enumerating users with paged ldap searches to groups and aliases. Before doing
that I want to clean up the search routines we have.

The sample application (more to follow) is 'net maxrid'.

Volker
(This used to be commit 8b4f67a1e9)
2007-10-10 10:56:34 -05:00
Herb Lewis
978ca84860 r6225: get rid of warnings from my compiler about nested externs
(This used to be commit efea76ac71)
2007-10-10 10:56:30 -05:00
Volker Lendecke
b6c143a17f r5316: Get 'net afskey' into a subcommand of its own, 'net afs key'.
Implement 'net afs impersonate', generate a token for a specified user. You
obviously need to be root for this operation.

Volker
(This used to be commit 5818b092e6)
2007-10-10 10:55:37 -05:00
Günther Deschner
31dea03916 r4850: Fix remaining pdb_setsampwent-calls.
To get all entries use a 0 acb_mask.

Guenther
(This used to be commit bc729f8fd8)
2007-10-10 10:53:59 -05:00
Gerald Carter
0a2449faf5 r4848: fix build; gd please check and make sure this is ok
(This used to be commit f1d59c3a26)
2007-10-10 10:53:59 -05:00
Jeremy Allison
acf9d61421 r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
2007-10-10 10:53:32 -05:00
Jim McDonough
b87a0af812 r3761: Fix bug #1932: crash when non-root invokes net getlocalsid
First check to see if we can open secrets.tdb.
(This used to be commit 81e3c78d05)
2007-10-10 10:53:16 -05:00
Volker Lendecke
e66c8217f8 r2935: This is a long-standing one in my patch-queue: A pair of net commands
(usersidlist/allowedusers) to scan a file server's share and list all users
who have permission to connect there.

Volker
(This used to be commit f7f84aa1de)
2007-10-10 10:52:57 -05:00
Tim Potter
b4cf9e9505 r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid of
'..' from all #include preprocessor commands.   This fixes bugzilla #1880
where OpenVMS gets confused about the '.' characters.
(This used to be commit 7f161702fa)
2007-10-10 10:52:55 -05:00
Günther Deschner
132879b285 r2832: Readd WKGUID-binding to match the correct default-locations of new
User-, Group- and Machine-Accounts in Active Directory (this got lost
during the last trunk-merge).

This way we match e.g. default containers moved by redircmp.exe and
redirusr.exe in Windows 2003 and don't blindly default to cn=Users or
cn=Computers.

Further wkguids can be examied via "net ads search wellknownobjects=*".
This should still keep a samba3-client joining a samba4 dc. Fixes
Bugzilla #1343.

Guenther
(This used to be commit 8836621694)
2007-10-10 10:52:54 -05:00
Günther Deschner
e4c4d91896 r2080: Remove last traces of static migration to localhost. Needed to allow a
local netbios-alias bound to non-loopback interface as a migration target.

It's now possible to migrate printers|shares|files from Server A to
Server B while running the net-command on client C.

Guenther
(This used to be commit 0cfd2866df)
2007-10-10 10:52:30 -05:00
Günther Deschner
19e949a91b r1966: further work on and cleanup of the net-migration-tool.
It's now possible to migrate files preserving dos-attributes and correct
timestamps. Also added some small docu- and syntax-fixes.

Guenther
(This used to be commit 0e990582a0)
2007-10-10 10:52:25 -05:00
Volker Lendecke
4b32ee39d6 r1716: Get rid of a compiler warning. "pipe" is a symbol that is defined as a system
call, and gcc -Wall complains about a shadowed definition.

Volker
(This used to be commit 9a2fd67037)
2007-10-10 10:52:19 -05:00
Günther Deschner
60727acc3b r1692: first commit :)
* add IA64 to the architecture table of printer-drivers

* add new "net"-subcommands:

  net rpc printer migrate {drivers|printers|forms|security|settings|all}
        [printer]
  net rpc share migrate {shares|files|all} [share]

  this is the first part of the migration suite. this will will (once
  feature-complete) allow to do 1:1 server-cloning in the best possible way by
  making heavy use of samba's rpc_client-functions. all migration-steps
  are implemented as rpc/smb-client-calls; net communicates via rpc/smb
  with two servers at the same time (a remote, source server and a
  destination server that currently defaults to the local smbd). this
  allows e. g. printer-driver migration including driverfiles, recursive
  mirroring of file-shares including file-acls, etc. almost any migration
  step can be called with a migrate-subcommand to provide more flexibility
  during a migration process (at the cost of quite some redundancy :) ).

  "net rpc printer migrate settings" is still in a bad condition (many
  open questions that hopefully can be adressed soon).

  "net rpc share migrate security" as an isolated call to just migrate
  share-ACLs will be added later.

  Before playing with it, make sure to use a test-server. Migration is a
  serious business and this tool-set can perfectly overwrite your
  existing file/print-shares.

* along with the migration functions had to make I the following
  changes:

        - implement setprinter level 3 client-side

        - implement net_add_share level 502 client-side

        - allow security descriptor to be set in setprinterdata level 2
          serverside

guenther
(This used to be commit 8f1716a29b)
2007-10-10 10:52:19 -05:00
Volker Lendecke
7f00878fe6 r269: Patch from Krischan Jodies <kj@sernet.de>: Implement 'net rpc group delete'.
Volker
(This used to be commit ec32167496)
2007-10-10 10:51:16 -05:00
Andrew Bartlett
b48bd2eb32 r21: Ensure 'net' follows the behaviour of all other samba client tools,
and honours the 'netbios name' in the smb.conf.
(This used to be commit 591047c20a)
2007-10-10 10:51:03 -05:00
Volker Lendecke
ef4a7b3c40 Two little annoyances:
net rpc did not inform you if no smbd is running.

I never liked the error message (!) Success! when we established a trust.

Volker
(This used to be commit 4191a434d4)
2004-03-18 07:32:15 +00:00
Volker Lendecke
d9819ec090 Implement 'net groupmap set' and 'net groupmap cleanup'.
I was rather annoyed by the net groupmap syntax, I could never get it
right.

net groupmap set "domain admins" domadm

creates a mapping,

net groupmap set "domain admins" -C "Comment" -N "newntname"

should also do what you expect. I'd like to have some feedback on the usability
of this.

net groupmap cleanup

solves a problem I've had two times now: Our SID changed, and a user's primary
group was mapped to a SID that is not ours. net groupmap cleanup removes all
mappings that are not from our domain sid.

Volker
(This used to be commit eb4d4faff8)
2004-02-26 11:29:56 +00:00
Andrew Bartlett
9e2a098a0a Fix bug in previous global_sam_sid() commit. I broke the 'read from
MACHINE.SID' file functionality.

Also, before we print out the results of 'net getlocalsid' and 'net
getdomainsid', ensure we have tried to read that file, or have
generated one.

Andrew Bartlett
(This used to be commit 191b43159e)
2004-02-25 23:12:29 +00:00
Andrew Bartlett
56bd63b1cd I *hate* global variables...
OK, what was happening here was that we would invalidate global_sam_sid
when we set the sid into secrets.tdb, to force a re-read.

The problem was, we would do *two* writes into the TDB, and the second one
(in the PDC/BDC case) would be of a NULL pointer.  This caused smbd startups
to fail, on a blank TDB.

By using a local variable in the pdb_generate_sam_sid() code, we avoid this
particular trap.

I've also added better debugging for the case where this all matters, which
is particularly for LDAP, where it finds out a domain SID from the sambaDomain
object.

Andrew Bartlett
(This used to be commit 86ad04d26d)
2004-02-25 22:01:02 +00:00
Volker Lendecke
28cc456e08 Display some nicer error messages for login via 'net'. I don't
see a reason why we have so many special cases and not simply use
nt_errstr(nt_status).

Comments?

Volker
(This used to be commit ea1a5fb303)
2004-01-21 14:36:56 +00:00
Volker Lendecke
000b39a682 I needed a decently parseable format of smbstatus. Looking at smbstatus code
tells me that this should not be expanded, so I implemented

net status [sessions|shares] [parseable]

Volker
(This used to be commit 63d877c6b4)
2003-12-01 13:58:43 +00:00
Jim McDonough
c3125b6e2f Fix bug 451. Stop net -P from prompting for machine account password.
Based on work by Ken Cross (kcross@nssolutions.com).
(This used to be commit 8ef7ac22ef)
2003-10-23 14:33:19 +00:00
Jeremy Allison
bb0598faf5 Put strcasecmp/strncasecmp on the banned list (except for needed calls
in iconv.c and nsswitch/). Using them means you're not thinking about multibyte at
all and I really want to discourage that.
Jeremy.
(This used to be commit d7e35dfb92)
2003-10-22 23:38:20 +00:00
Volker Lendecke
c716385220 This only touches the fake kaserver support. It adds two parameters:
afs share -- this is an AFS share, do AFS magic things
afs username map -- We need a way to specify the cell and possibly
		    weird username codings for several windows domains
		    in the afs cell

Volker
(This used to be commit 4a3f7a9356)
2003-09-23 14:52:21 +00:00
Volker Lendecke
1c38391c70 Nobody complained on the team-list, so commit it ...
This implements some kind of improved AFS support for Samba on Linux with
OpenAFS 1.2.10. ./configure --with-fake-kaserver assumes that you have
OpenAFS on your machine. To use this, you have to put the AFS server's KeyFile
into secrets.tdb with 'net afskey'. If this is done, on each tree connect
smbd creates a Kerberos V4 ticket suitable for use by the AFS client and
gives it to the kernel via the AFS syscall. This is meant to be very
light-weight, so I did not link in a whole lot of libraries to be more
platform-independent using the ka_SetToken function call.

Volker
(This used to be commit 5775690ee8)
2003-09-07 16:36:13 +00:00