sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-06-19 23:17:05 +03:00
Code
96,413 Commits 62 Branches 1,160 Tags
Commit Graph

187 Commits

Author SHA1 Message Date
Günther Deschner
b722167b2c s3-rpc_client: return info3 in rpccli_netlogon_password_logon(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2014-07-15 16:00:40 +02:00
Michael Adam
020fab300d s3:rpc_client: optimize the netlogon_creds_cli.tdb for read-only access 
Usually a record in this DB will be written once and then read
many times by winbindd processes on multiple nodes (when run in
a cluster). In order not to introduce a big performance penalty
with the increased correctness achieved by storing the netlogon
creds, in a cluster setup, we should activate ctdb's read only
record copies on this db.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2014-02-07 16:06:06 +01:00
Michael Adam
cf0cb0add9 dbwrap: add a dbwrap_flags argument to db_open() 
This is in preparation to support handing flags to backends,
in particular activating read only record support for ctdb
databases. For a start, this does nothing but adding the
parameter, and all databases use DBWRAP_FLAG_NONE.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2014-02-07 16:06:06 +01:00
Stefan Metzmacher
8cf4eff201 s3:rpc_client: use db_open() to open "netlogon_creds_cli.tdb" 
This uses dbwrap_ctdb if running in a cluster.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-22 17:11:54 +01:00
Stefan Metzmacher
3f41b58384 s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:16 +01:00
Stefan Metzmacher
e4fea80693 s3:rpc_client: remove unused rpccli_netlogon_sam_logon() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:16 +01:00
Stefan Metzmacher
a4faf57b47 s3:rpc_client: remove unused rpccli_netlogon_setup_creds() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:15 +01:00
Stefan Metzmacher
6d457ad9c1 s3:rpc_client: remove unused rpccli_netlogon_set_trust_password() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:15 +01:00
Stefan Metzmacher
b7dc3fb204 s3:rpc_client: add rpccli_netlogon_password_logon() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:08 +01:00
Stefan Metzmacher
5196493c9e s3:rpc_client: add rpccli_netlogon_network_logon() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:08 +01:00
Stefan Metzmacher
a07cc9a1c6 s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon_ex() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:08 +01:00
Stefan Metzmacher
3c025af657 s3:rpc_client: add rpccli_pre_open_netlogon_creds() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:07 +01:00
Stefan Metzmacher
14ceb7b501 s3:rpc_client: add rpccli_{create,setup}_netlogon_creds() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:07 +01:00
Stefan Metzmacher
38d4dba374 s3:rpc_client: make use of the new netlogon_creds_cli_context 
This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds
and lets the secure channel session state be stored in node local database.

This is the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:06 +01:00
Stefan Metzmacher
04600634b3 s3:rpc_client: try to use NETLOGON_NEG_SUPPORTS_AES 
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2013-08-10 09:18:53 +02:00
Günther Deschner
a9d5b2fdf0 libcli/auth: also set secure channel type in netlogon_creds_client_init(). 
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2013-08-05 10:30:00 +02:00
Günther Deschner
563cc67ac6 libcli/auth: rename netlogon_creds_decrypt_samlogon() to netlogon_creds_decrypt_samlogon_validation(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2012-12-15 21:50:36 +01:00
Günther Deschner
c6f4745c56 s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2012-12-09 19:39:07 +01:00
Günther Deschner
ec06c81db3 s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2012-12-09 19:39:07 +01:00
Volker Lendecke
b9a15f1bfa s3: Give machine password changes 10 minutes of time 
This is what we do at domain join time as well, see
lib/netapi/joindomain.c:141

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-06-22 17:28:20 +02:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name() 
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
 2011-06-09 12:40:09 +02:00
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero() 
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
 2011-06-09 12:40:08 +02:00
Günther Deschner
9824e2e5ee s3-rpc_client: add and use rpc_client/rpc_client.h. 
Guenther
 2011-04-13 22:23:59 +02:00
Volker Lendecke
8af7400d55 s3: Fix some nonempty blank lines 2011-02-06 16:44:56 +01:00
Günther Deschner
f60398d7b2 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945) 
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.

Guenther

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb  4 18:11:04 CET 2011 on sn-devel-104
 2011-02-04 18:11:04 +01:00
Günther Deschner
99437614fa s3-rpcclient: allow to define validation level for samlogon. 
Guenther
 2011-01-24 16:56:00 +01:00
Günther Deschner
232378c6e5 s3-rpc_client: prefer dcerpc_netr_X functions. 
Guenther

Signed-off-by: Andreas Schneider <asn@samba.org>
 2011-01-13 12:36:54 +01:00
Günther Deschner
30eeb1e3d9 s3-rpc_client: move protos to init_netlogon.h 
Guenther
 2010-05-28 02:49:36 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h 
Guenther
 2010-05-18 21:42:37 +02:00
Stefan Metzmacher
1e9df26ef9 s3:cli_netlogon: keep the the correct negotiate_flags on the cli->dc structure 
This should fix the rpccli_netlogon_set_trust_password() against DC's
without netr_ServerPasswordSet2 support.

This fixes bug #7160.

metze
 2010-02-23 16:19:58 +01:00
Volker Lendecke
81a848be6d s3: Remove some unused variables 2010-01-10 22:43:02 +01:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba. 
Guenther
 2009-11-26 20:03:17 +01:00
Günther Deschner
64e8aa1b14 s3-netlogon: fix updating trust accout passwords with downlevel domains. 
When choosing the netlogon password set function, make sure to look at the
*negotiated* flags in the cli->dc state, not the ones we start the negotiation
with.

Guenther
 2009-10-16 18:03:32 +02:00
Günther Deschner
ebe0e64ba9 s3: use enum netr_SchannelType all over the place. 
Guenther
 2009-10-13 10:21:46 +02:00
Günther Deschner
4a1b50afd5 s3-netlogon: pass down account name to remote password set functions. 
Guenther
 2009-10-13 00:07:45 +02:00
Günther Deschner
0c2fc9eedf s3-netlogon: setup NETLOGON credential chain in rpccli_netlogon_set_trust_password() only when needed. 
Guenther
 2009-10-06 16:50:23 +02:00
Volker Lendecke
872f9c4f91 Revert "s3: Attempt to fix machine password change" 
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75.

Ooops, this should not have been committed.
 2009-10-05 22:14:06 +02:00
Volker Lendecke
20a8ea91e1 s3: Attempt to fix machine password change 2009-10-05 22:12:20 +02:00
Günther Deschner
7450f3ad99 s3-netlogon: remove remaining netlogon init functions. 
Guenther
 2009-06-25 16:46:31 +02:00
Volker Lendecke
6af92c0228 Do not panic unnecessarily 2009-04-28 05:31:48 +02:00
Günther Deschner
8d3e61e5ce s3-netlogon: Start fixing rpccli_netlogon_setup_creds after auth merge. 
Guenther
 2009-04-24 09:52:00 +02:00
Andrew Bartlett
baf7274fed Make Samba3 use the new common libcli/auth code 
This is particuarly in the netlogon client (but not server at this
stage)
 2009-04-14 16:23:44 +10:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial) 
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
 2009-04-14 16:23:35 +10:00
Günther Deschner
3b9a03a7c3 s3: fix samlogon client and server calls. 
Guenther
 2008-10-15 16:14:20 +02:00
Günther Deschner
e194ded26e netlogon: move password change code out to rpccli_netlogon_set_trust_password. 
Guenther
 2008-09-21 22:30:39 +02:00
Günther Deschner
84bc4ff546 rpc_client: Bug 5616 - fix session keys also in rpccli_netr_LogonSamLogonEx wrapper. 
Guenther
(This used to be commit fef58091408cce0d7870c86f28f78cf9400cf2b6)
 2008-07-30 19:14:00 +02:00
Volker Lendecke
91df5551a4 Attempt to fix bug 5616 
We were calculating the session key but did not return it to the caller...
(cherry picked from commit 8ab79b1d009d53e414b90e4a0ab8fc7a4889b6df)
(This used to be commit b63a6a1fd6a96bbafd88cacb9493bfea9944d404)
 2008-07-28 18:07:01 +02:00
Volker Lendecke
abce3cdf56 Remove some unused code 
(This used to be commit b60a681dd09349426aa522d697abacf62ebfdaf2)
 2008-07-21 14:36:31 +02:00
Volker Lendecke
d460ead468 Remove one reference to PI_NETLOGON 
(This used to be commit e89bbab1b875a0b55b70913dcc1e3e73137c8b90)
 2008-07-21 14:36:31 +02:00
Volker Lendecke
2e905d2cd1 Allocate rpc_cli->dc in rpccli_netlogon_setup_creds() 
The general cli_pipe routines should not have to know about this NETLOGON
speciality.
(This used to be commit d30237598d0c55b73e202c1de3a020194b67a7e6)
 2008-07-20 17:06:21 +02:00