summaryrefslogtreecommitdiffstats
path: root/source/utils
Commit message (Collapse)AuthorAgeFilesLines
...
* Add a mechinism to allow for sane porting of rpcclient components into the newAndrew Bartlett2001-12-051-0/+166
| | | | | | | | 'net' command. This also gets us 'net rpc user add'. Andrew Bartlett
* added a boolean to the group mapping functions to specify if we need orJean-François Micouleau2001-12-041-5/+9
| | | | | | | | | | | | | | | | | | | | | not the privileges. Usually we don't need them, so the memory is free early. lib/util_sid.c: added some helper functions to check an SID. passdb/passdb.c: renamed local_lookup_rid() to local_lookup_sid() and pass an RID all the way. If the group doesn't exist on the domain SID, don't return a faked one as it can collide with a builtin one. Some rpc structures have been badly designed, they return only rids and force the client to do subsequent lsa_lookup_sid() on the domain sid and the builtin sid ! rpc_server/srv_util.c: wrote a new version of get_domain_user_groups(). Only the samr code uses it atm. It uses the group mapping code instead of a bloody hard coded crap. The netlogon code will use it too, but I have to do some test first. J.F.
* allow for passwords other than "samba2"Andrew Tridgell2001-12-041-1/+1
| | | | :)
* moved init_account_policy() to the right placeAndrew Tridgell2001-12-041-2/+0
|
* typo fixAndrew Tridgell2001-12-041-1/+1
|
* smbpasswd is *ugly*!Andrew Bartlett2001-12-041-0/+2
| | | | | | | | However this looks like the best spot to init the account policy db... (fix segfaults on all local smbpasswd ops) Andrew Bartlett
* Add 'net rpc join' to match the ADS equiv.Andrew Bartlett2001-12-043-295/+316
| | | | | | | | | | | | | | | | This kills off the offending code in smbpasswd -j -Uab%c In the process we have changed from unsing compelatly random passwords to random, 15 char ascii strings. While this does produce a decrese in entropy, it is still vastly greater than we need, considering the application. In the meantime this allows us to actually *type* the machine account password duruign debugging. This code also adds a 'check' step to the join, confirming that the stored password does indeed do somthing of value :-) Andrew Bartlett
* Some changes to the name resolution code in 'net' to allow us to find aAndrew Bartlett2001-12-042-25/+47
| | | | | | PDC, as well as changes for correctness as per tridge. Andrew Bartlett
* added a tdb to store the account policy informations.Jean-François Micouleau2001-12-031-12/+10
| | | | | | | | | | | | | | You can change them with either usermanager->policies->account or from a command prompt on NT/W2K: net accounts /domain we can add a rpc accounts to the net command. As the net_rpc.c is still empty, I did not start. How should I add command to it ? Should I take the rpcclient/cmd_xxx functions and call them from there ? alse changed the SAM_UNK_INFO_3 parser, it's an NTTIME. This one is more for jeremy ;-) J.F.
* This change reworkes the connection code for both rpcclient and net newAndrew Bartlett2001-12-032-73/+15
| | | | | | | | | | | 'net' untility. This should make it easier to port rpcclient code across to net. It also allows SPNEGO (the NTLMSSP subsystem in particular) to work, becouse it kills off the early destruction of the clear-text password. Andrew Bartlett
* Forgot this one with the last commit...Andrew Bartlett2001-12-031-0/+36
| | | | Andrew Bartlett
* This is another major rework of the 'net' command.Andrew Bartlett2001-12-033-1057/+1273
| | | | | | | | | | | | | | | | | | | | | | | | | | This time, all the existing functionality has been moved into 'net rap', ready for new commands in the 'net ads' and 'net rpc' categories. In particular, we hope to have the abilty to autoselect the appropriate backend to use based on smb.conf or other paramaters. This will allow 'net user' to work no matter what the remote server. The new 'net rpc' command will soon gain a 'net rpc join' and a 'net rpc user' based on the existing samba code. Also in this commit, the connection establishment code has been almost entirly reworked, and now has some minor sense of sainity to it. In particular, we can now connect to hosts *other* than localhost! We also have the ability to state on a per-command basis whether the 'localhost' is a sane default value. (A net join, for example, would not be sane against localhost). Unfortunetly we have had to make the basic paramaters global variables, but the 'cli' is not opened and closed on a per-command basis. Andrew Bartlett
* not used any moreAndrew Tridgell2001-12-011-144/+0
|
* Renamed sid field in SEC_ACE to trustee to be more in line with MS'sTim Potter2001-11-301-10/+22
| | | | definitions.
* Changed again how the privilege list is handled in the group mapping code.Jean-François Micouleau2001-11-291-12/+9
| | | | | | | | | | | | | | | | This time it's a PRIVILEGE_SET struct instead of a simple uint32 array. It makes much more sense. Also added a uint32 systemaccount to the GROUP_MAP struct as some privilege showing in USRMGR.EXE are not real privs but a bitmask flag. I guess it's an heritage from NT 3.0 ! I could setup an NT 3.1 box to verify, but I'm too lazy (yes I still have my CDs). Added 3 more LSA calls: SetSystemAccount, AddPrivileges and RemovePrivileges, we can manage all this privilege from UserManager. Time to change the NT_USER_TOKEN struct and add checks in all the rpc functions. Fun, fun, fun. J.F.
* Make better use of the ads_init() function to get the kerberos relam etc.Andrew Bartlett2001-11-292-6/+8
| | | | | | | | | This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett
* fixed some krb5 ifdefsAndrew Tridgell2001-11-281-1/+1
|
* fix a bunch of places where we can double-free a cli structureAndrew Tridgell2001-11-283-10/+0
|
* prevent proto from picking up this as a defintion for 'main()' becoue it ↵Andrew Bartlett2001-11-261-1/+1
| | | | conflicts with nmbd's definition.
* More compiler warnings fixed. Some minor reformatting.Tim Potter2001-11-262-94/+143
|
* Got medieval on another pointless extern. Removed extern struct ipzeroTim Potter2001-11-264-12/+10
| | | | | | | and replaced with two functions: void zero_ip(struct in_adder *ip); BOOL is_zero_ip(struct in_addr ip);
* Minor typosVolker Lendecke2001-11-251-2/+2
|
* portability fixesAndrew Tridgell2001-11-251-3/+6
|
* fixed typoAndrew Tridgell2001-11-251-1/+1
|
* better helpAndrew Tridgell2001-11-251-1/+7
|
* use generate_random_str()Andrew Tridgell2001-11-251-47/+4
|
* added "net ads user" and "net ads group" commandsAndrew Tridgell2001-11-251-19/+66
|
* added "net ads status" commandAndrew Tridgell2001-11-251-14/+39
|
* made a "net ads" command, currently with "net ads join" and "net ads leave"Andrew Tridgell2001-11-252-4/+191
|
* added "net join" commandAndrew Tridgell2001-11-242-185/+191
| | | | this completes the first stage of the smbd ADS support
* rewrote net.cAndrew Tridgell2001-11-241-1260/+1071
| | | | | | | | | | The rewrite fixes a number of things: - much better command line parsing - fixed usage of static and const - better finding of hosts - clean internal separation of sub-functions - expandable design
* This is another rather major change to the samba authenticaionAndrew Bartlett2001-11-241-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | subystem. The particular aim is to modularized the interface - so that we can have arbitrary password back-ends. This code adds one such back-end, a 'winbind' module to authenticate against the winbind_auth_crap functionality. While fully-functional this code is mainly useful as a demonstration, because we don't get back the info3 as we would for direct ntdomain authentication. This commit introduced the new 'auth methods' parameter, in the spirit of the 'auth order' discussed on the lists. It is renamed because not all the methods may be consulted, even if previous methods fail - they may not have a suitable challenge for example. Also, we have a 'local' authentication method, for old-style 'unix if plaintext, sam if encrypted' authentication and a 'guest' module to handle guest logins in a single place. While this current design is not ideal, I feel that it does provide a better infrastructure than the current design, and can be built upon. The following parameters have changed: - use rhosts = This has been replaced by the 'rhosts' authentication method, and can be specified like 'auth methods = guest rhosts' - hosts equiv = This needs both this parameter and an 'auth methods' entry to be effective. (auth methods = guest hostsequiv ....) - plaintext to smbpasswd = This is replaced by specifying 'sam' rather than 'local' in the auth methods. The security = parameter is unchanged, and now provides defaults for the 'auth methods' parameter. The available auth methods are: guest rhosts hostsequiv sam (passdb direct hash access) unix (PAM, crypt() etc) local (the combination of the above, based on encryption) smbserver (old security=server) ntdomain (old security=domain) winbind (use winbind to cache DC connections) Assistance in testing, or the production of new and interesting authentication modules is always appreciated. Andrew Bartlett
* Changed how the privileges are stored in the group mapping code. It's nowJean-François Micouleau2001-11-231-18/+38
| | | | | | | | | | | | | | | | | | | | an array of uint32. That's not perfect but that's better. Added more privileges too. Changed the local_lookup_rid/name functions in passdb.c to check if the group is mapped. Makes the LSA rpc calls return correct groups Corrected the return code in the LSA server code enum_sids. Only enumerate well known aliases if they are mapped to real unix groups. Won't confuse user seeing groups not available. Added a short/long view to smbgroupedit. now decoding rpc calls to add/remove privileges to sid. J.F.
* Removed TimeInit() call from every client program (except for one placeTim Potter2001-11-2311-20/+0
| | | | | in smbd/process.c where the timezone is reinitialised. Was replaced with check for a static is_initialised boolean.
* added lsa_enum_sids to rpcclientJean-François Micouleau2001-11-221-3/+2
| | | | | | | fixed lsa_enum_rpivs server code. This time it works as W2K. fixed smbgroupedit to compile and work. J.F.
* W2K doesn't seem to respond to *#0 names in node status. Ensure nameJeremy Allison2001-11-211-1/+1
| | | | | lookup uses password server parameter when looking for PDCs. Jeremy.
* Merged in JohnR's ping messaging extension.Jeremy Allison2001-11-201-6/+9
| | | | Jeremy.
* Rename xmalloc, xmemdup, xstrdup to smb_$1 to avoid conflicts with theMartin Pool2001-11-201-8/+8
| | | | versions defined by libreadline on SCO (!).
* Make the smbpasswd options/usage message a little less bizarre: it nowMartin Pool2001-11-191-22/+20
| | | | | shows all the available options, but explains that you must be root to use them. Surely this is less confusing?
* Store some path names in global variables initialized to configureMartin Pool2001-11-1912-28/+20
| | | | default, rather than in preprocessor macros.
* Minor fixes to help display, and domain enumeration , and also preparation ↵Steve French2001-11-121-19/+35
| | | | for new command option
* Internationalization enbalement for net utility - replace printf with d_printfJim McDonough2001-11-061-233/+233
|
* Fix up pdbedit so that it at least compiles without warnings.Andrew Bartlett2001-11-041-92/+61
| | | | | | - Basic functionality intact - Now adds machine accounts without a uid. (using the machine uid range to avoid conflict with real uid based accounts)
* Got serious about const again.Jeremy Allison2001-11-041-18/+18
| | | | | | | REMOVED BZERO CALLS YET AGAIN !!! Why do these keep creeping back in.... They are *NOT* POSIX. I'm also thinking of removing strncpy as I'm sure it's not being used correctly.... Jeremy.
* Added NT_USER_TOKEN into server_info to fix extra groups problem.Jeremy Allison2001-11-031-4/+4
| | | | | Got "medieval on our ass" about const warnings (as many as I could :-). Jeremy.
* Adding support for net password, net service, net user info, fixing net helpsSteve French2001-11-031-59/+258
|
* Parionia to ensure people don't install libsmb based programs setuid root.Andrew Bartlett2001-10-311-1/+1
| | | | | | | libsmb has not been written to be setuid, with things like LIBSMB_PROG allowing all sort of fun and games. Andrew Bartlett
* Fix up smbpasswd -e/-d so that it doesn't change the password under you anyAndrew Bartlett2001-10-301-11/+13
| | | | | | | | | | | | | more. (Previously it set them to 'XXXX' or similar when only the flags were being changed - a bug I must have introduced when I reworked the passdb end of things a few weeks back.) Adds a new local flag: LOCAL_SET_PASSWORD to specify that the password is actually to be changed. Andrew Bartlett
* clear errno before a call, tdbsam will not update it.Simo Sorce2001-10-291-1/+1
| | | | just a hack to make things work.
* more compiler warningsHerb Lewis2001-10-231-1/+1
|
generated by cgit (git 2.34.1) at 2025-09-26 22:46:38 +0000