| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
domain name. We were passing in an already initialised string which was
causing the warning.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
|
| |
|
|
| |
sorry
|
| |
|
|
|
| |
named. Ensure we can query them.
Jeremy.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
cache code.
This uses gencache, mimir's new caching code that stores at text-based cache
of various data.
Mimir has done a *lot* of work on this patch, and it is finally time to
get it in CVS.
Andrew Bartlett
|
| |
|
|
| |
Andrew Bartlett
|
| |
|
|
|
|
| |
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
|
| |
|
|
|
|
| |
also try to uniform names to a clean scheme.
first part.
|
| |
|
|
| |
from APP_HEAD
|
| |
|
|
|
|
|
|
|
|
| |
Add const to some more functions, and reintroduce 'net rpc join oldstyle' as
*only* trying an old-style join.
This means that we can rely on it not prompting for a password on the build
farm.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
| |
positive name for this. It creates users and global groups. More to come.
Volker
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
It includes a conversion of make_user_info*() to NTSTATUS and some minor
changes to other files.
It also picks up on a nasty segfault that can occour in some security=domain
cases.
Andrew Bartlett
|
| | |
|
| |
|
|
| |
Volker
|
| |
|
|
| |
samsync operations (as a BDC)
|
| |
|
|
|
|
| |
Print domain SID on 'net rpc info'
Volker
|
| | |
|
| |
|
|
|
| |
unfortuately we don't seem to be able to auto-test the ADS join due to
a rather nasty property of the GSSAPI library.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
setups.
- split up the ads structure into logical pieces. This makes it much
easier to keep things like the authentication realm and the server
realm separate (they can be different).
- allow ads callers to specify that no sasl bind should be performed
(used by "net ads info" for example)
- fix an error with handing ADS_ERROR_SYSTEM() when errno is 0
- completely rewrote the code for finding the LDAP server. Now try DNS
methods first, and try all DNS servers returned from the SRV DNS
query, sorted by closeness to our interfaces (using the same sort code
as we use in replies from WINS servers). This allows us to cope with
ADS DCs that are down, and ensures we don't pick one that is on the
other side of the country unless absolutely necessary.
- recognise dnsRecords as binary when displaying them
- cope with the realm not being configured in smb.conf (work it out
from the LDAP server)
- look at the trustDirection when looking up trusted domains and don't
include trusts that trust our domains but we don't trust
theirs.
- use LDAP to query the alternate (netbios) name for a realm, and make
sure that both and long and short forms of the name are accepted by
winbindd. Use the short form by default for listing users/groups.
- rescan the list of trusted domains every 5 minutes in case new trust
relationships are added while winbindd is running
- include transient trust relationships (ie. C trusts B, B trusts A,
so C trusts A) in winbindd.
- don't do a gratuituous node status lookup when finding an ADS DC (we
don't need it and it could fail)
- remove unused sid_to_distinguished_name function
- make sure we find the allternate name of our primary domain when
operating with a netbiosless ADS DC (using LDAP to do the lookup)
- fixed the rpc trusted domain enumeration to support up to approx
2000 trusted domains (the old limit was 3)
- use the IP for the remote_machine (%m) macro when the client doesn't
supply us with a name via a netbios session request (eg. port 445)
- if the client uses SPNEGO then use the machine name from the SPNEGO
auth packet for remote_machine (%m) macro
- add new 'net ads workgroup' command to find the netbios workgroup
name for a realm
|
| | |
|
| |
|
|
| |
need for a manual strdup() too...
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
again, and has added 'net rpc trustdom list' support.
This lists the trusted and trusting domains of a remote PDC.
I've applied these almost directly, just fixing some special
case code for when there are *no* trusting domains. We still
have some parse errors in this case however.
Andrew Bartlett.
From mimir's e-mail:
Here are another patches adding trust relationship features.
More details:
Better error reporting in cli_lsa_enum_trust_dom().
Implementation of cli_samr_enum_dom_users() which cli_samr.c
lacked.
More "consts" -- one of arguments in net_find_dc().
Modified implementation of run_rpc_command() -- now it
allows to reuse already opened connection (if it is passed)
to remote server's IPC$ (e.g. as part of longer exchange
of rpc calls). I'm sure Andrew will argue ;-)
More neat version of rpc_trustdom_list() function.
|
| |
|
|
|
|
|
|
| |
distinction between uchar and char).
Lots of const etc.
Andrew Bartlett
|
| |
|
|
|
| |
this also gives a way to distinguish a 'native mode' server from a
non-native server. This call will fail for a native mode server.
|
| |
|
|
| |
these errors happen all the time, so they shouldn't be level 0
|
| |
|
|
| |
net file
|
| | |
|
| |
|
|
| |
autoselect for this subcommand when appropriate.
|
| | |
|
| |
|
|
| |
not been implemented...is it worth the effort?
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
<mimir@diament.ists.pwr.wroc.pl>) this patch allows samba to correctly
enumerate its trusted domains - by exaimining the keys in the secrets.tdb file.
This patch has been tested with both NT4 and rpcclient/wbinfo, and adds
some extra functionality to talloc and rpc_parse to allow it to deal with
already unicode strings.
Finally, this cleans up some const warnings that were in net_rpc.c by pushing
another dash of const into the rpc client code.
Andrew Bartlett
|
| | |
|
| |
|
|
|
|
|
|
| |
- Added net_help.c for unified help when possible
- Added net rpc user listing, delete, info commands
- Unified net user command to autodetect ads/rpc/rap (try in that order)
- Added generic routine for detecting rpc (protocol > PROTOCOL_NT1)
- I'm sure I forgot something.
|
| | |
|
| | |
|
| |
|
|
| |
subcommand \n\t3) try oldstyle first, then more secure method\n to allow for autodetect between ads and rpc on net join
|
| |
|
|
| |
nicely, and make 'net help rap user' the same as 'net rap user help'...stuff like that
|
| | |
|
| |
|
|
|
|
|
|
| |
Rafal Szczesniak <mimir@diament.ists.pwr.wroc.pl>
This adds the 'net' tools to manipulate the trusted domains.
Andrew Bartlett
|
| |
|
|
| |
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
|
| |
|
|
|
|
|
|
| |
These two little features are very useful, but the passing of options about
needs some serious work. The popt stuff in the shutdown code is #ifdef'ed out
until the main popt loop can be convinced not to chew on the options :-(
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
| |
probably will never actually be genearted, but I like the style in any case.
Also fix a segfault in 'net rpc' when the login failed and a small memory leak
on failure in the auth_info.c code.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This moves the rest of the functionality into the 'net rpc join' code.
Futhermore, this moves that entire area over to the libsmb codebase, rather
than the crufty old rpc_client stuff.
I have also fixed up the smbpasswd -a -m bug in the process.
We also have a new 'net rpc changetrustpw' that can be called from a
cron-job to regularly change the trust account password, for sites
that run winbind but not smbd.
With a little more work, we can kill rpc_client from smbd entirly!
(It is mostly the domain auth stuff - which I can rework - and the
spoolss stuff that sombody else will need to look over).
Andrew Bartlett
|
| |
|
|
|
|
|
|
| |
'net' command.
This also gets us 'net rpc user add'.
Andrew Bartlett
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This kills off the offending code in smbpasswd -j -Uab%c
In the process we have changed from unsing compelatly random passwords
to random, 15 char ascii strings. While this does produce a decrese in
entropy, it is still vastly greater than we need, considering the application.
In the meantime this allows us to actually *type* the machine account
password duruign debugging.
This code also adds a 'check' step to the join, confirming that the
stored password does indeed do somthing of value :-)
Andrew Bartlett
|
|
|
This time, all the existing functionality has been moved into
'net rap', ready for new commands in the 'net ads' and 'net rpc' categories.
In particular, we hope to have the abilty to autoselect the appropriate
backend to use based on smb.conf or other paramaters.
This will allow 'net user' to work no matter what the remote server.
The new 'net rpc' command will soon gain a 'net rpc join' and a
'net rpc user' based on the existing samba code.
Also in this commit, the connection establishment code has been almost entirly
reworked, and now has some minor sense of sainity to it.
In particular, we can now connect to hosts *other* than localhost!
We also have the ability to state on a per-command basis whether the 'localhost'
is a sane default value. (A net join, for example, would not be sane against
localhost).
Unfortunetly we have had to make the basic paramaters global variables, but
the 'cli' is not opened and closed on a per-command basis.
Andrew Bartlett
|
