1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

139 Commits

Author SHA1 Message Date
Jeremy Allison
944fb243eb Catching up with old patches. Add define for VERITAS quota support.
Check return in ldap.
Jeremy.
(This used to be commit e789edbb28)
2002-12-30 23:55:58 +00:00
Jeremy Allison
7f23546730 Forward port the change to talloc_init() to make all talloc contexts
named. Ensure we can query them.
Jeremy.
(This used to be commit 842e08e52a)
2002-12-20 20:23:06 +00:00
Jim McDonough
bfd8043a40 More printer publishing code.
- Add published attribute to info2, needed for win clients to work properly
- Return proper info on getprinter 7

This means you can now look at the sharing tab of a printer and get correct
info about whether it is published or not, and change it.
(This used to be commit adda04379e)
2002-12-13 18:56:48 +00:00
Jim McDonough
90d9cf973e More printer data to publish
(This used to be commit 82f3a786bf)
2002-12-05 19:13:20 +00:00
Jim McDonough
2e6c2a1456 Stop using hardcoded key/value strings, be more forgiving of dsspooler/dsdriver info existence.
(This used to be commit ca8735532c)
2002-12-03 19:41:43 +00:00
Gerald Carter
191dff2d27 [merge from APP_HEAD]
90% fix for CR 1076.  The password server parameter will no take things
like

        password server = DC1 *

which means to contact DC1 first and the go to auto lookup if it
fails.


jerry
(This used to be commit c31a17889e)
2002-11-23 14:27:56 +00:00
Jim McDonough
713b2f0b47 Don't pass a function to ADS_ERR_OK().
(This used to be commit a148e4c290)
2002-11-18 20:46:20 +00:00
Jim McDonough
bbd3e4b40a Next step of printer publishing.
net ads printer publish <printername> [servername]
Will retreive the DsSpooler and DsDriver info by rpc for a remote server
then publish it.

Next comes doing it within smbd
(This used to be commit 64951938cc)
2002-11-18 19:50:36 +00:00
Andrew Bartlett
77d0ff6357 Include the hostname we are trying to match with $@, to allow easier debugging.
(This used to be commit f5d8afc626)
2002-11-15 21:25:40 +00:00
Jeremy Allison
250c980119 Removed global_myworkgroup, global_myname, global_myscope. Added liberal
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a3)
2002-11-12 23:15:52 +00:00
Andrew Tridgell
a46d452926 make sure that if kerberos fails we can fall back on NTLMSSP for SASL
(This used to be commit 69dba08c40)
2002-11-10 00:35:04 +00:00
Tim Potter
ea24bb2da8 Merge of get_dc_list() api change. This was slightly more intrusive
than the version in APPLIANCE so watch out for boogs.
(This used to be commit 1e054e3db6)
2002-11-06 01:29:07 +00:00
Jim McDonough
69a2042dc6 Re-enable use of existing kerberos tickets.
(This used to be commit 6ec5dce698)
2002-10-31 19:20:33 +00:00
Andrew Tridgell
306e4cbead fixed a possible segv when dealing with a blank password
(This used to be commit d5d0d0de50)
2002-10-23 00:02:26 +00:00
Jim McDonough
e042a93cce Format objectGUIDs on ads dumps.
(This used to be commit 7eaf7e7115)
2002-10-18 20:11:29 +00:00
Andrew Tridgell
aadae4f84a only set UF_USE_DES_KEY_ONLY if we are using krb5 libraries that can't
do type 23
(This used to be commit c0612272e8)
2002-10-04 07:47:42 +00:00
Andrew Tridgell
14f65fb897 support all permitted encoding types in tickets. This allows us to
decode a type 23 ticket when the machine account is setup for non-DES
tickets
(This used to be commit 144d4429d7)
2002-10-04 07:41:56 +00:00
Andrew Tridgell
fa066fdde3 .NET likes both forms of servicePrincipalName in the machine account
record
(This used to be commit 8ff6d40d7f)
2002-10-03 14:23:06 +00:00
Andrew Bartlett
4e73790e3a Try to compile as much as possible with only ldap, but not kerberos.
(This used to be commit 9615ab10c0)
2002-09-28 14:42:32 +00:00
Andrew Bartlett
8b197158c9 Add the beginings of sam_ads to the tree.
This module, primarilly the work of "Stefan (metze) Metzmacher"
<metze@metzemix.de>, uses the Active Directory schema to store the
user/group/other information.  I've been testing it against a real AD server,
and it is intended to work with OpenLDAP as well.

I've moved a few functions around in our other libads code, which has made it
easier to tap into that existing code.

Also, I've made some changes to the SAM interface, I hope there are not too
many objections...   To ensure we don't get silly bugs in the skel module, it
is now in the default compile.  This way you should not forget to update it :-)

Andrew Bartlett
(This used to be commit 24fb0cde2f)
2002-09-28 12:27:04 +00:00
Andrew Bartlett
bc828246db This needs to be #ifdef HAVE_LDAP.
(This used to be commit 2b54a2fc2c)
2002-09-28 00:47:06 +00:00
Andrew Bartlett
7e4afe5381 Move a number of ADS related functions out into utility libs, so that things
like metze's sam_ads can also use them.

Also add error checking etc to a few more functions.

Andrew Bartlett
(This used to be commit c864edf4fb)
2002-09-27 12:23:47 +00:00
Andrew Bartlett
55b6cebbd4 Some small cleanups to the libads code (mainly error checking), and give a
sane prototype for the push_utf8_allocate code.

Andrew Bartlett
(This used to be commit ce00a3238e)
2002-09-27 03:05:20 +00:00
Andrew Bartlett
b06d2abe74 Another patch from metze, towards his work on sam_ads.
See mx-ldap.sf.net for his current progress.
(This used to be commit 9c62d1312f)
2002-09-25 09:40:45 +00:00
Andrew Bartlett
6f67ae667a Avoid a segfault in net join when you have not done an kinit, and it's falling
back to NTLMSSP.  We need to get the password out of the user, and this
eventually does.

Andrew Bartlett
(This used to be commit bb518a3bae)
2002-09-25 09:32:08 +00:00
Andrew Tridgell
b33681fc0b Add clock skew handling to our kerberos code. This allows us to cope with
the DC being out of sync with the local machine.
(This used to be commit 0d28d76947)
2002-09-17 12:12:50 +00:00
Andrew Tridgell
fffd0eb142 another const cleanup
(This used to be commit 443d5ebafa)
2002-09-17 12:07:47 +00:00
Andrew Bartlett
7a76d0e854 Seems I missed commiting this when I added the rest of metze's ADS patch.
Oh well, here it is...

Andrew Bartlett
(This used to be commit 7c2a667640)
2002-09-06 13:46:36 +00:00
Andrew Bartlett
eec38ee3bb Patch from "Stefan (metze) Metzmacher" <metze@metzemix.de>
to extend the ADS_STATUS system to include NTSTATUS, and to provide a better
general infrustructure for his sam_ads work.

I've also added some extra failure mode DEBUG()s to parts of the code.

NOTE:  The ADS_ERR_OK() macro is rather sensitive to braketing issues - without
the final set of brakets, the test is essentially inverted - causing some
intersting 'error = success' messages...

Andrew Bartlett
(This used to be commit 5b9a7ab901)
2002-09-06 11:46:59 +00:00
Andrew Bartlett
4aad4d7c73 Add some DEBUG()s to some libads failure modes.
(This used to be commit ad3c8da13b)
2002-09-06 10:39:34 +00:00
Andrew Tridgell
dcd0291694 convert the LDAP/SASL code to use GSS-SPNEGO if possible
we now do this:

- look for suported SASL mechanisms on the LDAP server
- choose GSS-SPNEGO if possible
- within GSS-SPNEGO choose KRB5 if we can do a kinit
- otherwise use NTLMSSP

This change also means that we no longer rely on having a gssapi
library to do ADS.

todo:
- add TLS/SSL support over LDAP
- change to using LDAP/SSL for password change in ADS
(This used to be commit b04e91f660)
2002-08-30 06:59:57 +00:00
Herb Lewis
2d05704d0e fix irix compile errors - cannot initialize array in declaration statement
with non-const values - strsep not defined
(This used to be commit a5c59b2cd1)
2002-08-20 18:43:59 +00:00
Andrew Tridgell
4361b5cea5 when using netbios lookup methods make sure we try any BDCs even if
we get a response from WINS for a PDC, if the PDC isn't responding.
(This used to be commit 57916316ff)
2002-08-06 05:11:57 +00:00
Andrew Tridgell
74c8441e9d fixed a memory corruption bug in ads_try_dns()
(This used to be commit 2ee0abb50f)
2002-08-06 03:26:58 +00:00
Andrew Tridgell
ab9ff0fa73 This fixes a number of ADS problems, particularly with netbiosless
setups.

- split up the ads structure into logical pieces. This makes it much
  easier to keep things like the authentication realm and the server
  realm separate (they can be different).

- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)

- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0

- completely rewrote the code for finding the LDAP server. Now try DNS
  methods first, and try all DNS servers returned from the SRV DNS
  query, sorted by closeness to our interfaces (using the same sort code
  as we use in replies from WINS servers). This allows us to cope with
  ADS DCs that are down, and ensures we don't pick one that is on the
  other side of the country unless absolutely necessary.

- recognise dnsRecords as binary when displaying them

- cope with the realm not being configured in smb.conf (work it out
  from the LDAP server)

- look at the trustDirection when looking up trusted domains and don't
  include trusts that trust our domains but we don't trust
  theirs.

- use LDAP to query the alternate (netbios) name for a realm, and make
  sure that both and long and short forms of the name are accepted by
  winbindd. Use the short form by default for listing users/groups.

- rescan the list of trusted domains every 5 minutes in case new trust
  relationships are added while winbindd is running

- include transient trust relationships (ie. C trusts B, B trusts A,
  so C trusts A) in winbindd.

- don't do a gratuituous node status lookup when finding an ADS DC (we
  don't need it and it could fail)

- remove unused sid_to_distinguished_name function

- make sure we find the allternate name of our primary domain when
  operating with a netbiosless ADS DC (using LDAP to do the lookup)

- fixed the rpc trusted domain enumeration to support up to approx
  2000 trusted domains (the old limit was 3)

- use the IP for the remote_machine (%m) macro when the client doesn't
  supply us with a name via a netbios session request (eg. port 445)

- if the client uses SPNEGO then use the machine name from the SPNEGO
  auth packet for remote_machine (%m) macro

- add new 'net ads workgroup' command to find the netbios workgroup
  name for a realm
(This used to be commit e358d7b24c)
2002-08-05 02:47:46 +00:00
Andrew Bartlett
056f849f0c Now that I got the function arguments sane, remove the silly (void **) casts
from some of the callers.

Andrew Bartlett
(This used to be commit eb3354aa6c)
2002-08-04 01:16:37 +00:00
Andrew Tridgell
55c978d85e net ads info now reports the IP of the LDAP server as well as its name - very useful in scripts
(This used to be commit fc0d5479b5)
2002-07-30 15:34:10 +00:00
Andrew Tridgell
2edcc96c11 a couple more minor tweaks. This now allows us to operate in ADS mode
without any 'realm =' or 'ads server =' options at all, as long as DNS
is working right.
(This used to be commit d3fecdd042)
2002-07-30 13:27:42 +00:00
Andrew Bartlett
29075c97d3 More fixes towards warnings on the IRIX compiler
(and yes, some of these are real bugs)

In particular, the samr code was doing an &foo of various types, to a function
that assumed uint32.  If time_t isn't 32 bits long, that broke.

They are assignment compatible however, so use that and an intermediate
variable.

Andrew Bartlett
(This used to be commit 30d0998c8c)
2002-07-20 13:02:47 +00:00
Andrew Tridgell
695b346ab5 fix setting machine passwords in the case where a user account of the
same name as the machine name exists. (we ended up setting the users
password, not the machines password!)
(This used to be commit fe1e6233c6)
2002-07-12 02:28:27 +00:00
Andrew Tridgell
5d82785756 this implements a completely new strategy for fetching group
membership from an ADS server. We now use a 'member' query on the
group and do a separate call to convert the resulting distinguished
name to a name, rid etc. This is *much* faster for very large numbers
of groups (on a quantum test system with 10000 groups it drops the
time from an hour to about 35 seconds).

strangely enough, this actually *increases* the amount of ldap
traffic, its just that the MS LDAP server answers these queries much
faster.
(This used to be commit 5538048e4f)
2002-07-11 05:28:08 +00:00
Andrew Tridgell
8fb570e6e0 this fixes the ads dump code
a char** isn't quite the same thing as a struct berval**  :)
(This used to be commit a92834ea94)
2002-07-11 03:41:09 +00:00
Andrew Tridgell
5ae8fa2df1 make sure we disable referrals in all ldap searches - they are badly
broken
(This used to be commit 022073d140)
2002-07-09 15:06:51 +00:00
Jim McDonough
83060558c9 Fix length in snprintf invocation to account for "dn:" in sasl gssapi bind.
Also remove unused line which incremented pointer by the wrong length anyway.

Provided by Anthony Liguori (aliguori@us.ibm.com).
(This used to be commit 47b7a3e0f3)
2002-07-08 20:46:54 +00:00
Andrew Bartlett
21b9280cf5 Kill off const warnings - add a pile of const to various places.
(This used to be commit 1de04ec473)
2002-07-08 02:14:57 +00:00
Andrew Tridgell
9930b0b065 used findstatic.pl to make some variables static and remove some dead
code
(This used to be commit 91ad9041e9)
2002-07-01 09:12:41 +00:00
Andrew Tridgell
859b135773 ads_mod_ber should be static, not public
this fixes the huge number of struct berval warnings on non-ads
compiles
(This used to be commit e7f588d815)
2002-07-01 07:30:40 +00:00
Jim McDonough
f90e74afba Const cleanup...should only be 2 warnings left from calling lib/util_str.c
str_list_copy().  Perhaps its proto should be fixed.
(This used to be commit b81bc2b34b)
2002-06-28 19:25:11 +00:00
Jim McDonough
f0a0c6955b Reduce compiler warnings.
(This used to be commit b361089360)
2002-06-26 17:27:30 +00:00
Andrew Bartlett
0327428f27 Break up samba's object dependencies, and its prototype includes.
Now smbclient, net, and swat use their own proto files - now the global
proto.h

The change to libads/kerberos.c was to break up the dependency on secrets.c -
we want to be able to write an ADS client that doesn't need local secrets.

I have other breakups in the works - I will remove the dependency of
rpc_parse on passdb (and therefore secrets.c) shortly.

(NOTE:  This patch does *not* break up includes.h, or other such forbidden
actions).

Andrew Bartlett
(This used to be commit edb41dad2d)
2002-06-25 02:29:09 +00:00