sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-04 17:47:26 +03:00
Code
101,900 Commits 60 Branches 1,146 Tags
Commit Graph

191 Commits

Author SHA1 Message Date
Richard Sharpe
8bcdd677ce Convert all uses of uint32/16/8 to _t in source3/rpc_client. 
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-05-12 01:32:12 +02:00
Stefan Metzmacher
8d73127462 s3:cli_netlogon: cli_credentials_get_old_nt_hash() in rpccli_setup_netlogon_creds_with_creds() 
This way we'll fallback to use the previous machine/trust account password
if required.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-03-12 17:13:42 +01:00
Stefan Metzmacher
995cf54b31 s3:cli_netlogon: add rpccli_{create,setup}_netlogon_creds_with_creds() helper functions 
This simplifies the callers, then can just pass in a cli_credentials structure.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-12-19 13:15:13 +01:00
Andrew Bartlett
ae72733874 s3-winbindd: Attempt to connect to NETLOGON over NCACN_IP_TCP if we can 
This is very helpful in the trusted domain situation, as we may not
have a two-way trust but we can use our domain trust account to set up
a connection to NETLOGON

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct  8 12:48:15 CEST 2014 on sn-devel-104
 2014-10-08 12:48:15 +02:00
Günther Deschner
b722167b2c s3-rpc_client: return info3 in rpccli_netlogon_password_logon(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2014-07-15 16:00:40 +02:00
Michael Adam
020fab300d s3:rpc_client: optimize the netlogon_creds_cli.tdb for read-only access 
Usually a record in this DB will be written once and then read
many times by winbindd processes on multiple nodes (when run in
a cluster). In order not to introduce a big performance penalty
with the increased correctness achieved by storing the netlogon
creds, in a cluster setup, we should activate ctdb's read only
record copies on this db.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2014-02-07 16:06:06 +01:00
Michael Adam
cf0cb0add9 dbwrap: add a dbwrap_flags argument to db_open() 
This is in preparation to support handing flags to backends,
in particular activating read only record support for ctdb
databases. For a start, this does nothing but adding the
parameter, and all databases use DBWRAP_FLAG_NONE.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2014-02-07 16:06:06 +01:00
Stefan Metzmacher
8cf4eff201 s3:rpc_client: use db_open() to open "netlogon_creds_cli.tdb" 
This uses dbwrap_ctdb if running in a cluster.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-22 17:11:54 +01:00
Stefan Metzmacher
3f41b58384 s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:16 +01:00
Stefan Metzmacher
e4fea80693 s3:rpc_client: remove unused rpccli_netlogon_sam_logon() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:16 +01:00
Stefan Metzmacher
a4faf57b47 s3:rpc_client: remove unused rpccli_netlogon_setup_creds() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:15 +01:00
Stefan Metzmacher
6d457ad9c1 s3:rpc_client: remove unused rpccli_netlogon_set_trust_password() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:15 +01:00
Stefan Metzmacher
b7dc3fb204 s3:rpc_client: add rpccli_netlogon_password_logon() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:08 +01:00
Stefan Metzmacher
5196493c9e s3:rpc_client: add rpccli_netlogon_network_logon() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:08 +01:00
Stefan Metzmacher
a07cc9a1c6 s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon_ex() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:08 +01:00
Stefan Metzmacher
3c025af657 s3:rpc_client: add rpccli_pre_open_netlogon_creds() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:07 +01:00
Stefan Metzmacher
14ceb7b501 s3:rpc_client: add rpccli_{create,setup}_netlogon_creds() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:07 +01:00
Stefan Metzmacher
38d4dba374 s3:rpc_client: make use of the new netlogon_creds_cli_context 
This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds
and lets the secure channel session state be stored in node local database.

This is the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-01-07 12:47:06 +01:00
Stefan Metzmacher
04600634b3 s3:rpc_client: try to use NETLOGON_NEG_SUPPORTS_AES 
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2013-08-10 09:18:53 +02:00
Günther Deschner
a9d5b2fdf0 libcli/auth: also set secure channel type in netlogon_creds_client_init(). 
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2013-08-05 10:30:00 +02:00
Günther Deschner
563cc67ac6 libcli/auth: rename netlogon_creds_decrypt_samlogon() to netlogon_creds_decrypt_samlogon_validation(). 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2012-12-15 21:50:36 +01:00
Günther Deschner
c6f4745c56 s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2012-12-09 19:39:07 +01:00
Günther Deschner
ec06c81db3 s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2012-12-09 19:39:07 +01:00
Volker Lendecke
b9a15f1bfa s3: Give machine password changes 10 minutes of time 
This is what we do at domain join time as well, see
lib/netapi/joindomain.c:141

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-06-22 17:28:20 +02:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name() 
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
 2011-06-09 12:40:09 +02:00
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero() 
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
 2011-06-09 12:40:08 +02:00
Günther Deschner
9824e2e5ee s3-rpc_client: add and use rpc_client/rpc_client.h. 
Guenther
 2011-04-13 22:23:59 +02:00
Volker Lendecke
8af7400d55 s3: Fix some nonempty blank lines 2011-02-06 16:44:56 +01:00
Günther Deschner
f60398d7b2 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945) 
The benefit of this that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.

Guenther

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb  4 18:11:04 CET 2011 on sn-devel-104
 2011-02-04 18:11:04 +01:00
Günther Deschner
99437614fa s3-rpcclient: allow to define validation level for samlogon. 
Guenther
 2011-01-24 16:56:00 +01:00
Günther Deschner
232378c6e5 s3-rpc_client: prefer dcerpc_netr_X functions. 
Guenther

Signed-off-by: Andreas Schneider <asn@samba.org>
 2011-01-13 12:36:54 +01:00
Günther Deschner
30eeb1e3d9 s3-rpc_client: move protos to init_netlogon.h 
Guenther
 2010-05-28 02:49:36 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h 
Guenther
 2010-05-18 21:42:37 +02:00
Stefan Metzmacher
1e9df26ef9 s3:cli_netlogon: keep the the correct negotiate_flags on the cli->dc structure 
This should fix the rpccli_netlogon_set_trust_password() against DC's
without netr_ServerPasswordSet2 support.

This fixes bug #7160.

metze
 2010-02-23 16:19:58 +01:00
Volker Lendecke
81a848be6d s3: Remove some unused variables 2010-01-10 22:43:02 +01:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba. 
Guenther
 2009-11-26 20:03:17 +01:00
Günther Deschner
64e8aa1b14 s3-netlogon: fix updating trust accout passwords with downlevel domains. 
When choosing the netlogon password set function, make sure to look at the
*negotiated* flags in the cli->dc state, not the ones we start the negotiation
with.

Guenther
 2009-10-16 18:03:32 +02:00
Günther Deschner
ebe0e64ba9 s3: use enum netr_SchannelType all over the place. 
Guenther
 2009-10-13 10:21:46 +02:00
Günther Deschner
4a1b50afd5 s3-netlogon: pass down account name to remote password set functions. 
Guenther
 2009-10-13 00:07:45 +02:00
Günther Deschner
0c2fc9eedf s3-netlogon: setup NETLOGON credential chain in rpccli_netlogon_set_trust_password() only when needed. 
Guenther
 2009-10-06 16:50:23 +02:00
Volker Lendecke
872f9c4f91 Revert "s3: Attempt to fix machine password change" 
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75.

Ooops, this should not have been committed.
 2009-10-05 22:14:06 +02:00
Volker Lendecke
20a8ea91e1 s3: Attempt to fix machine password change 2009-10-05 22:12:20 +02:00
Günther Deschner
7450f3ad99 s3-netlogon: remove remaining netlogon init functions. 
Guenther
 2009-06-25 16:46:31 +02:00
Volker Lendecke
6af92c0228 Do not panic unnecessarily 2009-04-28 05:31:48 +02:00
Günther Deschner
8d3e61e5ce s3-netlogon: Start fixing rpccli_netlogon_setup_creds after auth merge. 
Guenther
 2009-04-24 09:52:00 +02:00
Andrew Bartlett
baf7274fed Make Samba3 use the new common libcli/auth code 
This is particuarly in the netlogon client (but not server at this
stage)
 2009-04-14 16:23:44 +10:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial) 
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
 2009-04-14 16:23:35 +10:00
Günther Deschner
3b9a03a7c3 s3: fix samlogon client and server calls. 
Guenther
 2008-10-15 16:14:20 +02:00
Günther Deschner
e194ded26e netlogon: move password change code out to rpccli_netlogon_set_trust_password. 
Guenther
 2008-09-21 22:30:39 +02:00
Günther Deschner
84bc4ff546 rpc_client: Bug 5616 - fix session keys also in rpccli_netr_LogonSamLogonEx wrapper. 
Guenther
(This used to be commit fef58091408cce0d7870c86f28f78cf9400cf2b6)
 2008-07-30 19:14:00 +02:00