mirror of https://github.com/samba-team/samba.git synced 2025-02-28 01:58:17 +03:00

224 Commits

Author SHA1 Message Date
Stefan Metzmacher
38d4dba374 s3:rpc_client: make use of the new netlogon_creds_cli_context
This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds
and lets the secure channel session state be stored in node local database.

This is the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07 12:47:06 +01:00
Stefan Metzmacher
04600634b3 s3:rpc_client: try to use NETLOGON_NEG_SUPPORTS_AES
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10 09:18:53 +02:00
Günther Deschner
a9d5b2fdf0 libcli/auth: also set secure channel type in netlogon_creds_client_init().
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05 10:30:00 +02:00
Günther Deschner
563cc67ac6 libcli/auth: rename netlogon_creds_decrypt_samlogon() to netlogon_creds_decrypt_samlogon_validation().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-15 21:50:36 +01:00
Günther Deschner
c6f4745c56 s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:07 +01:00
Günther Deschner
ec06c81db3 s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:07 +01:00
Volker Lendecke
b9a15f1bfa s3: Give machine password changes 10 minutes of time
This is what we do at domain join time as well, see
lib/netapi/joindomain.c:141

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-06-22 17:28:20 +02:00
Andrew Bartlett
74eed8f3ed s3-param Remove special case for global_myname(), rename to lp_netbios_name()
There is no reason this can't be a normal constant string in the
loadparm system, now that we have lp_set_cmdline() to handle overrides
correctly.

Andrew Bartlett
2011-06-09 12:40:09 +02:00
Andrew Bartlett
ad0a07c531 s3-talloc Change TALLOC_ZERO_P() to talloc_zero()
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
2011-06-09 12:40:08 +02:00
Günther Deschner
9824e2e5ee s3-rpc_client: add and use rpc_client/rpc_client.h.
Guenther
2011-04-13 22:23:59 +02:00
Volker Lendecke
8af7400d55 s3: Fix some nonempty blank lines
2011-02-06 16:44:56 +01:00
Günther Deschner
f60398d7b2 s3-winbindd: let winbind try to use samlogon validation level 6. (bug #7945)
The benefit of this is that it makes us more robust to secure channel resets
triggered from tools outside the winbind process. Long term we need to have a
shared tdb secure channel store though as well.

Guenther

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Feb  4 18:11:04 CET 2011 on sn-devel-104
2011-02-04 18:11:04 +01:00
Günther Deschner
99437614fa s3-rpcclient: allow to define validation level for samlogon.
Guenther
2011-01-24 16:56:00 +01:00
Günther Deschner
232378c6e5 s3-rpc_client: prefer dcerpc_netr_X functions.
Guenther

Signed-off-by: Andreas Schneider <asn@samba.org>
2011-01-13 12:36:54 +01:00
Günther Deschner
30eeb1e3d9 s3-rpc_client: move protos to init_netlogon.h
Guenther
2010-05-28 02:49:36 +02:00
Günther Deschner
5ed3654112 s3-rpc_client: move protos to cli_netlogon.h
Guenther
2010-05-18 21:42:37 +02:00
Stefan Metzmacher
1e9df26ef9 s3:cli_netlogon: keep the correct negotiate_flags on the cli->dc structure
This should fix the rpccli_netlogon_set_trust_password() against DC's
without netr_ServerPasswordSet2 support.

This fixes bug #7160.

metze
2010-02-23 16:19:58 +01:00
Volker Lendecke
81a848be6d s3: Remove some unused variables
2010-01-10 22:43:02 +01:00
Günther Deschner
3d679a3b5f s3-rpc: Avoid including every pipe's client and server stubs everywhere in samba.
Guenther
2009-11-26 20:03:17 +01:00
Günther Deschner
64e8aa1b14 s3-netlogon: fix updating trust account passwords with downlevel domains.
When choosing the netlogon password set function, make sure to look at the
*negotiated* flags in the cli->dc state, not the ones we start the negotiation
with.

Guenther
2009-10-16 18:03:32 +02:00
Günther Deschner
ebe0e64ba9 s3: use enum netr_SchannelType all over the place.
Guenther
2009-10-13 10:21:46 +02:00
Günther Deschner
4a1b50afd5 s3-netlogon: pass down account name to remote password set functions.
Guenther
2009-10-13 00:07:45 +02:00
Günther Deschner
0c2fc9eedf s3-netlogon: setup NETLOGON credential chain in rpccli_netlogon_set_trust_password() only when needed.
Guenther
2009-10-06 16:50:23 +02:00
Volker Lendecke
872f9c4f91 Revert "s3: Attempt to fix machine password change"
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75.

Ooops, this should not have been committed.
2009-10-05 22:14:06 +02:00
Volker Lendecke
20a8ea91e1 s3: Attempt to fix machine password change
2009-10-05 22:12:20 +02:00
Günther Deschner
7450f3ad99 s3-netlogon: remove remaining netlogon init functions.
Guenther
2009-06-25 16:46:31 +02:00
Volker Lendecke
6af92c0228 Do not panic unnecessarily
2009-04-28 05:31:48 +02:00
Günther Deschner
8d3e61e5ce s3-netlogon: Start fixing rpccli_netlogon_setup_creds after auth merge.
Guenther
2009-04-24 09:52:00 +02:00
Andrew Bartlett
baf7274fed Make Samba3 use the new common libcli/auth code
This is particularly in the netlogon client (but not server at this
stage)
2009-04-14 16:23:44 +10:00
Andrew Bartlett
f28f113d8e Rework Samba3 to use new libcli/auth code (partial)
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).

We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server

Andrew Bartlett
2009-04-14 16:23:35 +10:00
Günther Deschner
3b9a03a7c3 s3: fix samlogon client and server calls.
Guenther
2008-10-15 16:14:20 +02:00
Günther Deschner
e194ded26e netlogon: move password change code out to rpccli_netlogon_set_trust_password.
Guenther
2008-09-21 22:30:39 +02:00
Günther Deschner
84bc4ff546 rpc_client: Bug 5616 - fix session keys also in rpccli_netr_LogonSamLogonEx wrapper.
Guenther
(This used to be commit fef58091408cce0d7870c86f28f78cf9400cf2b6)
2008-07-30 19:14:00 +02:00
Volker Lendecke
91df5551a4 Attempt to fix bug 5616
We were calculating the session key but did not return it to the caller...
(cherry picked from commit 8ab79b1d009d53e414b90e4a0ab8fc7a4889b6df)
(This used to be commit b63a6a1fd6a96bbafd88cacb9493bfea9944d404)
2008-07-28 18:07:01 +02:00
Volker Lendecke
abce3cdf56 Remove some unused code
(This used to be commit b60a681dd09349426aa522d697abacf62ebfdaf2)
2008-07-21 14:36:31 +02:00
Volker Lendecke
d460ead468 Remove one reference to PI_NETLOGON
(This used to be commit e89bbab1b875a0b55b70913dcc1e3e73137c8b90)
2008-07-21 14:36:31 +02:00
Volker Lendecke
2e905d2cd1 Allocate rpc_cli->dc in rpccli_netlogon_setup_creds()
The general cli_pipe routines should not have to know about this NETLOGON
speciality.
(This used to be commit d30237598d0c55b73e202c1de3a020194b67a7e6)
2008-07-20 17:06:21 +02:00
Volker Lendecke
f56eedb95c Remove the pipe_idx variable from rpc_pipe_client
(This used to be commit 4840febcd481563c3d9b2fabc1fe1b2ae5a76cf6)
2008-04-20 11:47:33 +02:00
Volker Lendecke
2a2188591b Add "desthost" to rpc_pipe_client
This reduces the dependency on cli_state
(This used to be commit 783afab9c891dd7bcb78895b2a639b6f3a0edf5b)
2008-04-20 00:13:09 +02:00
Volker Lendecke
b46d340fd5 Refactoring: Make struct rpc_pipe_client its own talloc parent
(This used to be commit a6d74a5a562b54f0b36934965f545fdeb1e8b34a)
2008-04-20 00:12:52 +02:00
Günther Deschner
99d3590455 Fix NETLOGON credential chain with Windows 2008 all over the place.
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8
netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate
flags everywhere (not only when running in security=ads). Only for NT4 we need
to do a downgrade to the returned negotiate flags.

Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6.

Guenther
(This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
2008-04-02 11:12:47 +02:00
Günther Deschner
b1198fc9fd Fix samlogon rpc client & server.
Guenther
(This used to be commit 0aaf975560dce3b4e58ab71687c3412c0c2a72cf)
2008-03-27 13:06:43 +01:00
Günther Deschner
d8d1eea136 Fix typo.
Guenther
(This used to be commit ffe77dc8b0476b7a5d81d63c3cf67f81033df12e)
2008-03-27 00:48:08 +01:00
Günther Deschner
7269a504fd Add my copyright.
Guenther
(This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97)
2008-02-27 19:38:48 +01:00
Günther Deschner
bdd5f1cb2a Fix some uninitialized data in new netlogon client.
Guenther
(This used to be commit bd6e2fcf3b3ab15736584edbbfb941b381988499)
2008-02-19 01:51:41 +01:00
Günther Deschner
95cd28299e Remove unused marshalling for NET_AUTH3.
Guenther
(This used to be commit ccf3ba0f5ce30d45a3d644552d1245391bf01754)
2008-02-17 02:53:23 +01:00
Günther Deschner
9519d95c4a Use rpccli_netr_LogonSamLogonEx in rpccli wrapping function.
Guenther
(This used to be commit 51a664cd5fc1cecc21a8a515bb959cac87296bcb)
2008-02-17 02:37:12 +01:00
Günther Deschner
9f8f9c1483 Finally let our samlogon routines call rpccli_netr_LogonSamLogon internally and
return netr_SamInfo3.

Guenther
(This used to be commit 9e5b732d451f6a2f09d2a71e5a3aec59c771db01)
2008-02-17 02:12:01 +01:00
Günther Deschner
697f8904e7 Remove unused marshalling for NET_SRV_PWSET.
Guenther
(This used to be commit e48737f04d2324b604f3290904ec6163a6242ae5)
2008-02-16 16:06:55 +01:00
Günther Deschner
26106d2e39 Remove unused marshalling for NET_REQ_CHAL and NET_AUTH2.
Guenther
(This used to be commit 2123aff75c8db431cb37d132058902287e740a85)
2008-02-16 00:05:45 +01:00