summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* added 'net rpc testjoin' and 'net ads testjoin' commandsAndrew Tridgell2002-08-053-20/+125
| | | | | unfortuately we don't seem to be able to auto-test the ADS join due to a rather nasty property of the GSSAPI library.
* Spelling fix.Tim Potter2002-08-051-1/+1
|
* fixed wbinfo -t for netbiosless domainsAndrew Tridgell2002-08-051-1/+7
|
* I must have missed this when I was adding 'const' to these earlier...Andrew Bartlett2002-08-051-1/+1
| | | | Andrew Bartlett
* Try to make this easier to debug - display the username that failed.Andrew Bartlett2002-08-051-1/+1
| | | | Andrew Bartlett
* This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell2002-08-0524-362/+629
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm
* passwords where not checked (you cannot check if the same buffer differs ↵Simo Sorce2002-08-041-6/+18
| | | | | | | | from itself). they where alo not clean after use! Simo.
* commented out strupper before key check against internal db, it's no goodSimo Sorce2002-08-041-1/+1
| | | | | | | | | | | | to check for uppercased strings when we store them not uppercased. jerry, this fix is needed to make usrmgr.exe work again. meanwhile we found out that NT_STATUS code may not be appropriate there. In particular it seem that an NT PDC will send back 02 as error (ERRbadfile) not 0xc000000f (NT_STATUS_NO_SUCH_FILE NT) I think further investigation is need to understand which are aprropriate return codes here.
* Now that I got the function arguments sane, remove the silly (void **) castsAndrew Bartlett2002-08-041-9/+9
| | | | | | from some of the callers. Andrew Bartlett
* fixed a bug where we were truncating the returned names in a netbiosAndrew Tridgell2002-08-031-1/+1
| | | | | name status query to 14 bytes, so we could not join a DC who had a netbios name of 15 bytes in length.
* updates the log level parameter man sectionSimo Sorce2002-08-031-3/+6
| | | | | can someone regenerate and commit the other formats? thanks
* fix log level, set a default, and also copy the value set in smb.conf into ↵Simo Sorce2002-08-032-10/+13
| | | | | | | parm_struct.ptr this one also fixes log level not shown in swat fix swat help system
* Fix length on mailslots. Looks like it should have been 0x17, not decimal 17.Jim McDonough2002-08-021-1/+1
|
* Escape ampersand(&) to better comply to SGML syntaxJelmer Vernooij2002-08-021-1/+1
|
* Moved rpc client routines from libsmb back to rpc_client where they belong.Tim Potter2002-08-0216-7671/+3635
|
* Added connect, session_request, session_setup and tconx methods.Tim Potter2002-08-021-21/+138
|
* Broke out unpacking of a username/password stored in a PythonTim Potter2002-08-022-28/+74
| | | | dictionary into a separate function.
* Merge of print notify fixes from APPLIANCE_HEAD.Tim Potter2002-08-023-6/+27
|
* Fixed compiler warning.Tim Potter2002-08-011-1/+1
|
* make sure we null terminate plaintext passwordsAndrew Tridgell2002-08-011-1/+1
|
* merge from SAMBA_2_2Gerald Carter2002-07-311-0/+154
|
* forgot to change the makefile system, sorrySimo Sorce2002-07-312-12/+10
|
* Add the current working document on the interface to the tree that we haveAndrew Bartlett2002-07-311-0/+123
| | | | | | | | | *somthing* in the directory. (Stops cvs update -P eating it). This is the combined effort of many from #samba-technical, kai, metze, ctrlsoft, idra and abartlet in particular. It will no doubt change :-) Andrew Bartlett
* Let everybody enjoy my new toy - make it the default!Andrew Bartlett2002-07-311-2/+2
| | | | | | | | | | | Authenticaions will now attempt to use winbind, and only fall back to 'ntdomain' (the old security=domain) code if that fails (for any reason, including wrong password). I'll fix up the authenticaion code to better handle the different types of failures in the near future. Andrew Bartlett
* Winbind updates!Andrew Bartlett2002-07-319-51/+201
| | | | | | | | | | | | | | | | This updates the 'winbind' authentication module and winbind's 'PAM' (actually netlogon) code to allow smbd to cache connections to the DC. This is particulary relevent when we need mutex locks already - there is no parallelism to be gained anyway. The winbind code authenticates the user, and if successful, passes back the 'info3' struct describing the user. smbd then interprets that in exactly the same way as an 'ntdomain' logon. Also, add parinoia to winbind about null termination. Andrew Bartlett
* Rework parinioa to ensure we never get passwords longer than MAX_PASS_LEN, norAndrew Bartlett2002-07-311-18/+11
| | | | | | | | longer than the buffer they claim to be in. Many thanks to tridge for explaining the macros. Andrew Bartlett
* fixed the length checking for plaintext passwords (thanks to andrewbAndrew Tridgell2002-07-311-2/+11
| | | | for spotting this)
* Don't accidenity mess with the wrong domain's sids.Andrew Bartlett2002-07-311-2/+2
|
* fix debug, at idra's suggestion.Andrew Bartlett2002-07-311-1/+1
| | | | Andrew Bartlett
* Only allow 'security=ads' when we HAVE_ADS.Andrew Bartlett2002-07-311-0/+2
| | | | Andrew Bartlett
* support netbiosless search for the DC using ADS in the winbindd AUTHAndrew Tridgell2002-07-311-58/+110
| | | | code.
* fixed multi-line strings for portabilityAndrew Tridgell2002-07-311-2/+2
|
* make sure we zero the unusued elements in a SID when parsingAndrew Tridgell2002-07-311-0/+3
|
* added 'disable netbios = yes/no' option, default is noAndrew Tridgell2002-07-312-2/+34
| | | | | | | | | | | | | When this option is disabled we should not do *any* netbios operations. You should also not start nmbd at all. I have put initial checks in at the major points we do netbios operations in smbd but there are bound to be more needed. Right now I've disabled all netbios name queries, all WINS lookups and node status queries in smbd and winbindd. I've been testing this option and the most noticable thing is how much more responsive things are! wthout those damn netbios timeouts things certainly are much slicker.
* fixed a net crash bug if we can't find a DC in a 'net rpc' commandAndrew Tridgell2002-07-311-0/+4
|
* added support for smbd listening on port 445 and 139. It now listensAndrew Tridgell2002-07-314-47/+88
| | | | | | | on both by default, and you can specify a list of ports to listen on either with "smb ports = " in smb.conf or using the -p option to smbd. this is needed for proper netbiosless operation.
* the ads_connect() here doesn't need to actually succeed, as its onlyAndrew Tridgell2002-07-311-3/+1
| | | | needed to find the DC IP. Just don't check its return value!
* make sure that 'net ads info' gives info on the server we specify, notAndrew Tridgell2002-07-311-0/+4
| | | | our smb.conf setup.
* Remove VFS module build so RPMs can build for now.John Terpstra2002-07-311-13/+13
|
* Fix the build for now..Jim McDonough2002-07-301-1/+1
| | | | Tridge, please look at this. Did you mean to take out the last parm?
* Add LSA RPC 0x2E, lsa_query_info2. Only level implemented is 0x0c, whichJim McDonough2002-07-306-5/+313
| | | | | is netbios and dns domain info. Also add code to set/fetch the domain GUID from secrets.tdb (although set is not yet called by anyone).
* net ads info now reports the IP of the LDAP server as well as its name - ↵Andrew Tridgell2002-07-304-4/+14
| | | | very useful in scripts
* this fixes plaintext passwords with win2000Andrew Tridgell2002-07-303-8/+10
| | | | | | | | | | there were 2 bugs: 1) we were sending a null challenge when we should have sent an empty challenge 2) the password can be in unicode if unicode is negotiated. This means our client code was wrong too :(
* always include the (void) for void fns ...Andrew Tridgell2002-07-301-1/+1
|
* a couple more minor tweaks. This now allows us to operate in ADS modeAndrew Tridgell2002-07-302-4/+9
| | | | | without any 'realm =' or 'ads server =' options at all, as long as DNS is working right.
* 2nd try at a fix for netbiosless connections to a ADS DC. This alsoAndrew Tridgell2002-07-301-31/+90
| | | | | make the code a fair bit cleaner as it splits up the ADS and RPC cases, which really are very different.
* removed a gratuitous standard_sub_basic() on the 'password server'Andrew Tridgell2002-07-301-2/+0
| | | | field. This has got to be pointless.
* - if we are in ADS mode then avoid an expensive netbios lookup to findAndrew Tridgell2002-07-301-7/+16
| | | | | | | | the servers netbios name when we don't need it. This also fixes ADS mode when the DC has netbios disabled. - if the password server is specified as an IP then actually use that IP, don't do a lookup for the servers name :)
* OK!Simo Sorce2002-07-3013-560/+622
| | | | | | | | Finally the cascaded VFS patch is in. Testing is very welcome, specially with layered multiple vfs modules. A big thank to Alexander Bokovoy for his work and patience :) Simo.
* Update a pile of Samba's SID lookup code to ensure:Andrew Bartlett2002-07-302-75/+92
| | | | | | | | | | | | | | | - That we never call winbind recursivly - That we never use an 'algorithmic' RID when we have a fixed uid or gid mapping in either the passdb or the group mapping db. Also, remove restrictions that say 'this domain only'. If we have a mapping configured, allow it to be returned. If we later decide certian mappings are invalid, then we sould put that in the code that actually does the map. Allow 'sid->name' transtations on the fixed 'well known' groups for NT, even if they are not represented by Unix groups yet. Andrew Bartlett
generated by cgit (git 2.34.1) at 2025-09-27 23:05:31 +0000