mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

284 Commits

Author SHA1 Message Date
Stefan Metzmacher
9d548318da s4:netlogon: make use of netlogon_creds_decrypt_samlogon_logon()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:01 +02:00
Günther Deschner
d8461992db s4-rpc_server: use netlogon_creds_encrypt_samlogon().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sun Dec 16 01:34:01 CET 2012 on sn-devel-104
2012-12-16 01:34:01 +01:00
Günther Deschner
71572632bd s4-rpc_server: support AES encryption in interactive and generic samlogon.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:08 +01:00
Günther Deschner
01e69703fb s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:07 +01:00
Jelmer Vernooij
90b1a94cb4 netlogon: Per MS-NRPC, don't send unknown workstation flags back to the client.
2012-09-26 22:12:07 +02:00
Stefan Metzmacher
04d770adac s4:rpc_server/netlogon: add support for AES based netlogon schannel
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:39 +02:00
Stefan Metzmacher
99231181e3 s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for it
metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:38 +02:00
Stefan Metzmacher
e48aabc006 s4:rpc_server/netlogon: implement netr_LogonGetCapabilities
This is also needed to support AES.

metze

Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17 10:58:38 +02:00
Andrew Bartlett
e7397eeaa2 s4-netlogond: Fix use of uninitialised value dns_name
The GET_CHECK_STR macro (now unrolled) did not initialise the trusts->array[n].dns_name
when the value was not set.  New tests for our trusted domains code create
domain trusts without a DNS domain name.  Found by the autobuild flakey build detector.

Andrew Bartlett
2012-02-27 07:36:05 +01:00
Matthias Dieter Wallnöfer
9a91d7f05a s4:netlogon RPC server - dcesrv_netr_DsRGetSiteName - add a small explanation
NETLOGON pipe is only thought for DCs.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-23 10:36:33 +01:00
Matthias Dieter Wallnöfer
521c708fe4 s4:netlogon RPC server - DsRGetDcNameEx - set the DNS name flags correctly
The rules are explained in MS-NRPC 2.2.1.2.1.

Patch inspired by Matthieu Patou.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:51:54 +01:00
Matthieu Patou
1770dafafd s4-netlogon: return WERR_NO_SUCH_DOMAIN instead of WERR_DS_UNAVAILABLE if we are unable to translate the domain to a dn
Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27 12:50:49 +01:00
Andrew Bartlett
5603dab647 libcli/auth: Provide a struct loadparm_context to schannel calls
This will allow us to pass this down to the tdb_wrap layer.

Andrew Bartlett
2011-10-13 14:06:07 +02:00
Andrew Tridgell
4afe426877 s4-ipv6: fill in pdc_ip in DsRGetDCNameEx2
this may be different from the CLDAP response, as it can be IPv6

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Jun  8 06:07:29 CEST 2011 on sn-devel-104
2011-06-08 06:07:29 +02:00
Andrew Bartlett
ea0ac9cdfc s4-auth Rename auth -> auth4 to avoid conflict with s3 auth
2011-05-08 10:56:26 +02:00
Andrew Tridgell
f0e7303023 s4-rpc: improved error mapping for several RPC server calls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-04-04 10:30:30 +10:00
Matthias Dieter Wallnöfer
0b5719f5fc s4:netlogon RPC server - "LogonGetDomainInfo" - check for NULL attributes
This is needed to complete the transition from "samdb_msg_add_string" to
"ldb_msg_add_string".
And this patch yields better NTSTATUS error results than before
(INVALID_PARAMETER rather than OUT_OF_MEMORY).

Reviewed-by: Jelmer

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Tue Mar  1 14:42:15 CET 2011 on sn-devel-104
2011-03-01 14:42:15 +01:00
Jelmer Vernooij
59a077d8f5 Fix some types
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-28 23:30:06 +01:00
Andrew Bartlett
a2ce53c1f5 s4-auth Rework auth subsystem to remove struct auth_serversupplied_info
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc.  This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
maintained into the struct session_info.

The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.

Andrew Bartlett
2011-02-09 01:11:06 +01:00
Stefan Metzmacher
a4d4217dfa s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check()
We need to check for invalid parameters before we check for
access denied.

metze
2011-02-02 11:58:26 +01:00
Stefan Metzmacher
578e87dbf2 s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS
metze
2011-02-02 11:58:26 +01:00
Stefan Metzmacher
97727e1068 s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels
metze
2011-02-02 11:58:26 +01:00
Matthias Dieter Wallnöfer
d0993e1278 s4:netlogon/LogonGetDomainInfo - handle a NULL "dns_hostname"
- Performs the short computer name check against the sam account name.
- Enhances the LogonGetDomainInfo testsuite which checks the NULL
  "dns_hostname" behaviour

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Fri Nov 19 12:50:33 CET 2010 on sn-devel-104
2010-11-19 12:50:32 +01:00
Matthias Dieter Wallnöfer
229f3cc9e8 s4:netlogon RPC server - "LogonGetDomainInfo" - always check the LDB return codes
Plus some cosmetic indentation fixes

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 31 19:26:45 UTC 2010 on sn-devel-104
2010-10-31 19:26:45 +00:00
Matthias Dieter Wallnöfer
39d40892c6 s4:netlogon RPC server - point out that the "LogonGetDomainInfo" "servicePrincipalName" generation is still needed
2010-10-31 18:44:06 +00:00
Matthias Dieter Wallnöfer
7b3dbbde04 s4:dsdb - remove some calls of "samdb_msg_add_string" when we have talloc'ed strings
They can be substituted by "ldb_msg_add_string" if the string was already
talloc'ed.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 24 20:03:27 UTC 2010 on sn-devel-104
2010-10-24 20:03:27 +00:00
Stefan Metzmacher
821a20221d s4:rpc_server/netlogon: netr_ServerAuthenticate3 should return NO_TRUST_SAM_ACCOUNT
If we can't find the account we should return NT_STATUS_NO_TRUST_SAM_ACCOUNT
instead of NT_STATUS_ACCESS_DENIED.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct 23 10:05:35 UTC 2010 on sn-devel-104
2010-10-23 10:05:35 +00:00
Stefan Metzmacher
f0879fc3b2 s4:rpc_server/netlogon: netr_ServerAuthenticate3 should reject invalid sec_channel_types early
metze
2010-10-23 11:02:43 +02:00
Stefan Metzmacher
c2696b2ec3 s4:rpc_server/netlogon: netr_ServerAuthenticate3 should check the challenge after the account
metze
2010-10-23 11:01:43 +02:00
Stefan Metzmacher
5ee49fc1c1 s4:rpc_server/netlogon: fix comment in netr_DsRGetDCName()
metze
2010-10-23 10:58:15 +02:00
Stefan Metzmacher
675c354b6b s4:rpc_server/netlogon: handle DC_RETURN_NETBIOS and DC_RETURN_DNS in netr_DsRGetDCNameEx2()
metze
2010-10-23 10:58:15 +02:00
Stefan Metzmacher
fcc2f6ba4a s4:rpc_server/netlogon: validate flags in netr_DsRGetDCNameEx2() and callers
Thanks to Tarun Chopra for the help of looking up all the bits in
the docs.

metze
2010-10-23 10:58:14 +02:00
Stefan Metzmacher
e297625d96 s4:rpc_server/netlogon: netr_GetDcName should return WERR_DCNOTFOUND for invalid names
Only netbios domain names are allowed.

metze
2010-10-23 10:58:14 +02:00
Matthias Dieter Wallnöfer
a3f61dea40 Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c""
This reverts commit 8a2ce5c47c.

Jelmer pointed out that these are also in use by other LDB databases - not only
SAMDB ones.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17 13:37:16 +00:00
Matthias Dieter Wallnöfer
8a2ce5c47c s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c"
They're only in use by SAMDB code.

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-17 09:40:13 +00:00
Matthias Dieter Wallnöfer
a0e9814c0d s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", "samdb_result_uint64" and "samdb_result_string"
We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this
reduces only code redundancies.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-15 08:36:01 +11:00
Jelmer Vernooij
93126b3315 samdb: Add flags argument to samdb_connect().
2010-10-10 23:08:49 +02:00
Stefan Metzmacher
76232a40d8 s4:rpc_server/netlogon: don't use dcerpc_binding_handle_call_send/recv() directly
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Oct  2 03:11:38 UTC 2010 on sn-devel-104
2010-10-02 03:11:38 +00:00
Andrew Tridgell
c4d2b6fbc2 s4-netlogon: added RODC DNS update call fwded to dnsupdate task
when we get a netlogon RODC DNS update, we send it to the dnsupdate
task
2010-09-27 22:55:05 -07:00
Andrew Tridgell
dc59de5627 s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecords
this is used by a RODC to do DNS updates, as TSIG updates are not
allowed by RODCs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-16 21:09:17 +10:00
Stefan Metzmacher
5c73c84f29 s4:rpc_server/netlogon: use irpc_binding_handle_by_name()
metze
2010-09-03 17:00:20 +02:00
Matthias Dieter Wallnöfer
786c41b095 s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also here the new password change syntax
2010-08-17 19:24:23 +02:00
Andrew Tridgell
2688375ffe s4-netlogon: added SEC_CHAN_RODC
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
2010-08-17 21:21:51 +10:00
Andrew Bartlett
272e49e85c s4:auth Move struct auth_usersupplied_info to a common location
This also changes the calling convention slightly - we should always
allocate this with talloc_zero() to allow some elements to be
optional.  Some elements may only make sense in Samba3, which I hope
will use this common structure.

Andrew Bartlett
2010-08-14 11:58:13 +10:00
Matthias Dieter Wallnöfer
f5f236a4b9 s4:dcesrv_netr_LogonGetDomainInfo - improve the client OS information update
As ekacnet pointed out on the mailing list we don't need to do a delete if we
(re)set the values afterwards - only if we don't set any new ones.
2010-07-31 20:44:29 +02:00
Andrew Tridgell
6b266b85cf s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Matthias Dieter Wallnöfer
56e4822566 s4:dcesrv_netr_DsRAddressToSitenamesExW - fix the detection of the address family in a better way
Obviously the last attempt wasn't enough. Now we do really only read the first
byte in the address buffer which on little endian transmission does always
contain the address family (MS-NRPC 2.2.1.2.4.1).
This should now be working platform-independently.
2010-06-18 10:03:08 +02:00
Matthias Dieter Wallnöfer
d9c81e3ea5 s4:dcesrv_netr_DsRAddressToSitenamesExW - fix the read of the IP packet version
This should make it clearer by the use of the standardised "sa_family_t" type
and hopefully fixes the problems on platforms other than Linux (NetBSD in the
buildfarm for example).
2010-06-16 21:47:22 +02:00
Matthias Dieter Wallnöfer
11e2608ba9 s3/s4:netrEnumerateTrustedDomains - this call returns a "NTSTATUS" result
See MS-NRPC 3.5.5.6.3.
2010-05-31 12:08:59 +02:00
Matthias Dieter Wallnöfer
0eec33417e s4:dcesrv_netr_DsrEnumerateDomainTrusts - fix an integer type
2010-05-31 12:08:58 +02:00