IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This opens the CLEAR_IF_FIRST tdb in the long living parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This means the auth level is now based on the "winbindd sealed pipes" option,
defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It implies 'require strong key = yes' and 'client schannel = yes'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Until all callers are fixed to pass the same 'server_computer'
value, we try to calculate a server_netbios_name and use this
as unique identifier for a specific domain controller.
Otherwise winbind would use 'hostname.example.com'
while 'net rpc testjoin' would use 'HOSTNAME',
which leads to 2 records in netlogon_creds_cli.tdb
for the same domain controller.
Once all callers are fixed we can think about reverting this
commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This provides an abstraction to hide netlogon_creds_CredentialState,
which is stored in a node local tdb.
Where the global state (netlogon_creds_CredentialState) between client and
server was only kept in memory (on the client side), we now use
the abstracted netlogon_creds_cli_context.
We now use a node specific computer name in order to establish
individual netlogon sessions per node.
If the caller wants to use some netlogon calls with credential chain
(struct netr_Authenticator), netlogon_creds_cli_lock*() is used
to get the current netlogon_creds_CredentialState in a g_lock'ed
fashion, a talloc_free() will release the lock.
The locking is needed as there might be more than one process
(multiple winbindd child, cmdline tools) which want to talk
to a specific domain controller. The usage of netlogon_creds_CredentialState
needs to be serialized as it uses sequence numbers.
LogonSamLogonEx doesn't use the credential chain, but for some operations
it needs the global session in order to de/encrypt individual fields.
It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate()
functions, which just make sure the session hasn't changed between
get and validate.
This is prepares the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563https://bugzilla.samba.org/show_bug.cgi?id=7944https://bugzilla.samba.org/show_bug.cgi?id=7945https://bugzilla.samba.org/show_bug.cgi?id=7568https://bugzilla.samba.org/show_bug.cgi?id=8599
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 7 12:42:32 CET 2014 on sn-devel-104
It's the job of the caller to make sure it stays for the
whole lifetime of the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This code is generic enough to have it in the top level now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This makes sure that we don't have dangling pointers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>