path: root/source/utils/net_ads.c
Commit message | Author | Age | Files | Lines
* r23198: cherry pick more patches from SAMBA_3_0 | Gerald Carter | 2007-05-29 | 1 | -3/+3
* r22954: More messaging_register | Volker Lendecke | 2007-05-16 | 1 | -6/+0
* r22857: merge "net ads keytab list" from 3_0. | Günther Deschner | 2007-05-14 | 1 | -1/+9
  Guenther
* r22736: Start to merge the low-hanging fruit from the now 7000-line cluster | Volker Lendecke | 2007-05-07 | 1 | -1/+1
  patch.
  This changes "struct process_id" to "struct server_id", keeping both is
  just too much hassle. No functional change (I hope ;-))
  Volker
* r22729: add help text for osver and osname options to 'net ads join' (patch | Gerald Carter | 2007-05-06 | 1 | -1/+6
  from Danilo A.)
* r22728: Patch from Danilo Almeida <dalmeida@centeris.com>: | Gerald Carter | 2007-05-06 | 1 | -9/+31
  When asked to create a machine account in an OU as part of "net ads join"
  and the account already exists in another OU, simply move the machine
  object to the requested OU.
* r21888: Add the osname and osver options to 'net ads join' as discussed | Gerald Carter | 2007-03-20 | 1 | -1/+94
  on the samba-technical ml.
  I'll add a 'net ads set attribute=value' utility later rather than the
  original 'net ads setmachineupn' patch that was also posted to the tech ml.
* r21609: Fix memory leaks in error code paths (and one in winbindd_group.c). | Jeremy Allison | 2007-03-01 | 1 | -0/+9
  Patch from Zack Kirsch <zack.kirsch@isilon.com>.
  Jeremy.
* r21608: Fix a couple of memleaks in error code paths before | Jeremy Allison | 2007-03-01 | 1 | -1/+10
  Coverity finds them :-)
  Jeremy.
* r21606: Implement escaping function for ldap RDN values | Simo Sorce | 2007-03-01 | 1 | -1/+11
  Fix escaping of DN components and filters around the code
  Add some notes to commandline help messages about how to pass DNs

  revert jra's "consistency" commit to nsswitch/winbindd_ads.c, as it was
  incorrect.
  The 2 functions use DNs in different ways.

  - lookup_usergroups_member() uses the DN in a search filter,
    and must use the filter escaping function to escape it
    Escaping filters that include escaped DNs ("\," becomes "\5c,") is the
    correct way to do it (tested against W2k3).

  - lookup_usergroups_memberof() instead uses the DN ultimately as a base dn.

  Both functions do NOT need any DN escaping function as DNs can't be
  reliably escaped when in a string form, instead each single RDN value must
  be escaped separately.

  DNs coming from other ldap calls (like ads_get_dn()), do not need escaping
  as they come already escaped on the wire and passed as is by the ldap
  libraries

  DN filtering has been tested.
  For example now it is possible to do something like:
  'net ads add user joe#5' as now the '#' character is correctly escaped when
  building the DN, previously such a call failed with Invalid DN Syntax.

  Simo.
* r21322: No feedback means consent :-) | Volker Lendecke | 2007-02-13 | 1 | -1/+1
  It does not matter if I screw up 3.0.25 or 3.0.26 with this, so do it
  rather sooner than later.
  Add the notify support that already exists in 3_0 to 3_0_25. If you want to
  see this patch dissected into digestible parts, look at 3_0, revisions at
  about 20800 and following.
  Volker
* r21194: sync DNS update code from SAMBA_3_0 | Gerald Carter | 2007-02-06 | 1 | -42/+60
* r20903: Replace the hardcoded "smb.conf" string with the dyn_CONFIGFILE | Gerald Carter | 2007-01-19 | 1 | -6/+7
* r20857: Silence gives assent :-). Checking in the fix for | Jeremy Allison | 2007-01-17 | 1 | -10/+2
  site support in a network where many DC's are down.
  I heard via Volker there is still a bug w.r.t the wrong site being chosen
  with trusted domains but we'll have to layer that fix on top of this.
  Gd - complain if this doesn't work for you.
  Jeremy.
* r20119: Update help info indicating how to use separators (forward slash only) | Jim McDonough | 2006-12-12 | 1 | -0/+2
  and properly use backslashes in "net ads join computername="
* r19766: Fix a const-warning. Jerry, what did you want to fix with this line? | Volker Lendecke | 2006-11-18 | 1 | -1/+0
  Volker
* r19762: libaddns/*[ch] code fixes donated by Centeris Corporation | Gerald Carter | 2006-11-17 | 1 | -62/+144
  (http://www.centeris.com/) under my copyright.
  * Rework error reporting to use DNS_ERROR instead of int32
  * Convert memory allocation to use talloc()
  * Generalize the DNS request/response packet marshalling
  * Fix the secure update requests
* r19754: * When using a krb5 session setup, we don't fill in the server_name | Gerald Carter | 2006-11-16 | 1 | -27/+22
  string the clis_state struct. So call saf_store() after we have the short
  domain name in the lsa_query_inof_policy code.
  * Remove unused server string in saf_delete()
* r19651: Fix interesting bug with the automatic site coverage in Active | Günther Deschner | 2006-11-10 | 1 | -1/+1
  Directory: When having DC-less sites, AD assigns DCs from other sites to
  that site that does not have its own DC.
  The most reliable way for us to identify the nearest DC - in that and all
  other cases - is the closest_dc flag in the CLDAP reply.
  Guenther
* r19528: Fix container handling for "net ads user" and "net ads group" functions | Günther Deschner | 2006-11-01 | 1 | -8/+19
  along with some memleaks.
  Guenther
* r19527: Fix double free in "net ads group add". | Günther Deschner | 2006-11-01 | 1 | -1/+0
  Guenther
* r19525: Fix the same error in "net ads group delete". | Günther Deschner | 2006-11-01 | 1 | -3/+4
  Guenther
* r19524: Stop "net ads user delete" from doing funny things. | Günther Deschner | 2006-11-01 | 1 | -3/+4
  Guenther
* r19493: There is no point in prompting for a user's password in "net ads" when | Günther Deschner | 2006-10-25 | 1 | -0/+8
  we can't find a domain controller at all.
  Guenther
* r19257: Janitor for Guenther - as well as a little massaging to make | Jeremy Allison | 2006-10-12 | 1 | -37/+74
  his patch fit SAMBA_3_0. (This is guenthers code).
  Make site support work correctly in net ads join.
  Jeremy.
* r19039: Do not segfault in "net ads printer info" when a requested printserver | Günther Deschner | 2006-10-02 | 1 | -1/+2
  does not exist.
  Guenther
* r19003: Finally activate "net ads gpo". | Günther Deschner | 2006-09-29 | 1 | -1/+1
  For those who are interested, try
      net ads gpo refresh mybox$
  to get your machine related GPOs downloaded to /var/lib/samba/gpo_cache.
  Detailed information about GPOs is currently only printed when setting a
  higher debuglevel than 0.
  Guenther
* r18817: Enable the build of the gpo tool but do not make it available yet. | Günther Deschner | 2006-09-22 | 1 | -1/+2
  Guenther
* r18467: Some sites allow an account to be deleted, but not | Jeremy Allison | 2006-09-13 | 1 | -12/+15
  disabled. Cope with both - print appropriate messages.
  Jeremy.
* r18446: Add the ldap 'leave domain' code - call this as | Jeremy Allison | 2006-09-13 | 1 | -3/+14
  a non-fatal error path if the 'disable machine account' code succeeded.
  Jeremy.
* r18170: Make sure to actually get the printing data before trying to publish it | Günther Deschner | 2006-09-06 | 1 | -2/+5
  in AD.
  Guenther
* r18019: Fix a C++ warnings: Don't use void * in libads/ for LDAPMessage anymore. | Volker Lendecke | 2006-09-03 | 1 | -16/+16
  Compiled it on systems with and without LDAP, I hope it does not break the
  build farm too badly. If it does, I'll fix it tomorrow.
  Volker
* r17941: Fix print out of client site name. | Jeremy Allison | 2006-08-30 | 1 | -1/+1
  Jeremy.
* r17928: Implement the basic store for CLDAP sitename | Jeremy Allison | 2006-08-30 | 1 | -2/+2
  support when looking up DC's. On every CLDAP call store the returned client
  sitename (if present, delete store if not) in gencache with infinite
  timeout. On AD DNS DC lookup, try looking for sitename DC's first, only try
  generic if sitename DNS lookup failed.
  I still haven't figured out yet how to ensure we fetch the sitename with a
  CLDAP query before doing the generic DC list lookup. This code is difficult
  to understand. I'll do some experiments and backtraces tomorrow to try and
  work out where to force a CLDAP site query first.
  Jeremy.
* r17798: Beginnings of a standalone libaddns library released under | Gerald Carter | 2006-08-24 | 1 | -3/+176
  the LGPL. Original code by Krishna Ganugapati <krishnag@centeris.com>.
  Additional work by me.
  It's still got some warts, but non-secure updates do currently work. There
  are at least four things left to really clean up.
  1. Change the memory management to use talloc() rather than malloc() and
     cleanup the leaks.
  2. Fix the error code reporting (see initial changes to dnserr.h)
  3. Fix the secure updates
  4. Define a public interface in addns.h
  5. Move the code in libads/dns.c into the libaddns/ directory (and under
     the LGPL).
  A few notes:
  * Enable the new code by compiling with --with-dnsupdate
  * Also adds the command 'net ads dns register'
  * Requires -luuid (included in the e2fsprogs-devel package).
  * Has only been tested on Linux platforms so there may be portability
    issues.
* r17603: Make net_ads_join_ok return NTSTATUS. | Volker Lendecke | 2006-08-18 | 1 | -7/+12
  Thanks to Michael Adam <ma@sernet.de>
  hop, hop, hop... ;-)
  Volker
* r17602: Make check_ads_config return NTSTATUS, set some error codes in | Volker Lendecke | 2006-08-18 | 1 | -10/+18
  net_ads_join.
  Thanks to Michael Adam <ma@sernet.de>
  Volker
* r17591: machine_account is unused, and ctx must be freed. Thanks Michael | Volker Lendecke | 2006-08-17 | 1 | -3/+2
* r17585: Don't let ads_status throw away the error information. | Volker Lendecke | 2006-08-17 | 1 | -38/+45
  Thanks to Michael Adam <ma@sernet.de>.
  Volker
* r17557: Change net_join_domain to return NTSTATUS instead of int. | Volker Lendecke | 2006-08-15 | 1 | -15/+16
  Thanks to Michael Adam <ma@sernet.de>.
  Volker
* r17551: Move some DEBUG to d_printf in interactive functions and return | Volker Lendecke | 2006-08-15 | 1 | -7/+10
  NO_LOGON_SERVERS if no domain controller was found.
  Thanks to Michael Adam <ma@sernet.de>.
  Volker
* r17383: Patch from Michael Adams <ma@sernet.de> to catch | Gerald Carter | 2006-08-03 | 1 | -17/+17
  some memory leaks on error paths in net_ads_join()
* r17258: Cleanup the 'net ads help join' output and document createupn | Gerald Carter | 2006-07-26 | 1 | -35/+46
  and createcomputer options
* r17158: Add two new options to 'net ads join' | Gerald Carter | 2006-07-20 | 1 | -12/+114
  * createupn=[host_upn@realm]
  * createcomputer=<ou path top to bottom> (this was previously the only arg)
* r17149: Fail the join if we cannot set any SPNs for the machine account. | Gerald Carter | 2006-07-19 | 1 | -24/+18
  Disable the one we created and whine.
* r17086: Re-add ability to contact remote domain controllers with the "net ads" | Günther Deschner | 2006-07-17 | 1 | -37/+62
  toolset. In 3.0.23 all those commands have been limited to the DC of our
  primary domain. Also distinguish calls that may go to remote DCs (search,
  info, lookup, etc.) from those that should only go to our primary domain
  (join, leave, etc.).
  Guenther
* r16952: New derive DES salt code and Krb5 keytab generation | Gerald Carter | 2006-07-11 | 1 | -15/+56
  Major points of interest:
  * Figure the DES salt based on the domain functional level and UPN (if
    present and applicable)
  * Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC keys
  * Remove all the case permutations in the keytab entry generation (to be
    partially re-added only if necessary).
  * Generate keytab entries based on the existing SPN values in AD

  The resulting keytab looks like:

    ktutil: list -e
    slot KVNO Principal
    ---- ---- ---------------------------------------------------------------------
       1    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
       2    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
       3    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
       4    6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
       5    6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
       6    6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
       7    6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
       8    6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
       9    6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)

  The list entries are the two basic SPN values (host/NetBIOSName &
  host/dNSHostName) and the sAMAccountName value. The UPN will be added as
  well if the machine has one. This fixes 'kinit -k'.
  Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket()
  continues to work with RC4-HMAC and DES keys.
* r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need | Jeremy Allison | 2006-07-11 | 1 | -5/+6
  to do the upper layer directories but this is what everyone is waiting
  for....
  Jeremy.
* r16453: Fix another memleak. | Günther Deschner | 2006-06-21 | 1 | -0/+1
  Guenther
* r16284: Start fixing up gcc4 -O6 warnings on an x86_64 box. size_t != unsigned | Jeremy Allison | 2006-06-16 | 1 | -2/+2
  int in a format string.
  Jeremy.