44058 Commits

Author	SHA1	Message	Date
Stefan Metzmacher	cfd139347c	s3:net_rpc: make use of trust_pw_change() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:12 +01:00
Stefan Metzmacher	a9281e6570	s3:rpcclient: make use of trust_pw_change() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:12 +01:00
Stefan Metzmacher	16c6e4992f	s3:libsmb: add trust_pw_change() ... This protects the password change using a domain specific g_lock, so multiple parts 'net rpc', 'rpcclient', 'winbindd', 'wbinfo --change-secret' even on multiple cluster nodes doesn't race anymore. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:12 +01:00
Stefan Metzmacher	d1340c20b0	s3:net_rpc: add net_context->netlogon_creds ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:11 +01:00
Stefan Metzmacher	3bf77812e8	s3:rpcclient: make use of rpcclient_netlogon_creds instead of cli->netlogon_creds ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:11 +01:00
Stefan Metzmacher	fb13b002d5	s3:rpcclient: remove unused rpccli_netlogon_setup_creds() from cmd_netlogon_database_redo() ... rpccli_netlogon_setup_creds() is already called in the main do_cmd() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:11 +01:00
Stefan Metzmacher	1696b127c6	s3:rpcclient: add rpcclient_netlogon_creds ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:11 +01:00
Stefan Metzmacher	a1c468e1d7	s3:rpcclient: add rpcclient_msg_ctx ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:10 +01:00
Stefan Metzmacher	94caf7e190	s3:rpc_client: use rpccli_{create,setup}_netlogon_creds() in cli_rpc_pipe_open_schannel() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:10 +01:00
Stefan Metzmacher	3a89eee03a	s3:libnet: use rpccli_{create,setup}_netlogon_creds() in libnet_join_joindomain_rpc_unsecure ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:10 +01:00
Stefan Metzmacher	963800539c	s3:libnet_join: make use of rpccli_{create,setup}_netlogon_creds() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:10 +01:00
Stefan Metzmacher	531bbf3aff	s3:auth_domain: make use of rpccli_netlogon_network_logon() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:09 +01:00
Stefan Metzmacher	34e66780e5	s3:auth_domain: make use of rpccli_{create,setup}_netlogon_creds() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:09 +01:00
Stefan Metzmacher	d9d55f5406	s3:auth_domain: simplify connect_to_domain_password_server() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:09 +01:00
Stefan Metzmacher	22e4e2c1d1	s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:09 +01:00
Stefan Metzmacher	07126b6fb2	s3:winbindd: call rpccli_pre_open_netlogon_creds() in the parent ... This opens the CLEAR_IF_FIRST tdb in the long living parent. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:08 +01:00
Stefan Metzmacher	b7dc3fb204	s3:rpc_client: add rpccli_netlogon_password_logon() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:08 +01:00
Stefan Metzmacher	5196493c9e	s3:rpc_client: add rpccli_netlogon_network_logon() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:08 +01:00
Stefan Metzmacher	a07cc9a1c6	s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon_ex() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:08 +01:00
Stefan Metzmacher	3c025af657	s3:rpc_client: add rpccli_pre_open_netlogon_creds() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:07 +01:00
Stefan Metzmacher	14ceb7b501	s3:rpc_client: add rpccli_{create,setup}_netlogon_creds() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:07 +01:00
Stefan Metzmacher	5adfc5f9f7	s3:rpc_client: use netlogon_creds_cli_auth_level() in cli_rpc_pipe_open_schannel_with_key() ... This means the auth level is now based on the "winbindd sealed pipes" option, defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:07 +01:00
Stefan Metzmacher	38d4dba374	s3:rpc_client: make use of the new netlogon_creds_cli_context ... This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds and lets the secure channel session state be stored in node local database. This is the proper fix for a large number of bugs: https://bugzilla.samba.org/show_bug.cgi?id=6563 https://bugzilla.samba.org/show_bug.cgi?id=7944 https://bugzilla.samba.org/show_bug.cgi?id=7945 https://bugzilla.samba.org/show_bug.cgi?id=7568 https://bugzilla.samba.org/show_bug.cgi?id=8599 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:06 +01:00
Stefan Metzmacher	225982e1cb	s3:winbindd: make use of the "winbind sealed pipes" option for all connections ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:06 +01:00
Stefan Metzmacher	e7954bcc04	s3:param: set Globals.bRequireStrongKey = true ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:05 +01:00
Stefan Metzmacher	99d8653d83	s3:param: set Globals.bWinbindSealedPipes = true ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 12:47:04 +01:00
Stefan Metzmacher	0059929601	libcli/smb: s/tstream_cli_np/tstream_smbXcli_np ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:42 +01:00
Stefan Metzmacher	024fc73047	libcli/smb: move source3/libsmb/cli_np_tstream.c to tstream_smbXcli_np.c ... This code is generic enough to have it in the top level now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:42 +01:00
Stefan Metzmacher	acbd12adf9	s3:libsmb: add a TSTREAM_CLI_NP_DESIRED_ACCESS define as collection of individual flags ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:41 +01:00
Stefan Metzmacher	eb8869a43d	s3:libsmb: add tstream_cli_np_ref as protection to talloc_free(smbXcli_conn) ... This makes sure that we don't have dangling pointers. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:41 +01:00
Gregor Beck	46d29d46bc	s3:libsmb: do not use cli_state internally within cli_np_tstream ... Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:41 +01:00
Gregor Beck	6ebbce96a4	s3:libsmb: let cli_np_tstream use smb1cli_readx ... Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:41 +01:00
Gregor Beck	68d8aa41e3	s3:libsmb: let cli_np_tstream use smb1cli_writex ... Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:40 +01:00
Gregor Beck	c25f19e593	s3:libsmb: let cli_np_tstream use smb1cli_close ... Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:40 +01:00
Gregor Beck	a8c6a05976	s3:libsmb: let cli_np_tstream use smb1cli_trans ... Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:40 +01:00
Gregor Beck	7ebb0813e6	s3:libsmb: let cli_np_tstream use smb1cli_ntcreatex ... Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:40 +01:00
Stefan Metzmacher	ef28ed685f	libcli/smb: move some *TRANSACT_* flags to smb_constants.h ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:38 +01:00
Stefan Metzmacher	306cba4b8c	libcli/smb: move some FILE_* flags to smb_constants.h ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2014-01-07 08:37:38 +01:00
Garming Sam	88eede6b07	waf: fix a typo in an ADS error message ... Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>	2014-01-07 04:13:27 +01:00
Garming Sam	8d6bc9987c	waf: Require --without-ads-support to build without ADS support ... Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>	2014-01-07 04:13:27 +01:00
Garming Sam	eef44dc2d5	waf: Require ldap support to be specifically disabled ... Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>	2014-01-07 04:13:27 +01:00
Garming Sam	2be17b7991	waf: Require ACL support to be specifically disabled ... Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org>	2014-01-07 04:13:26 +01:00
Stefan Metzmacher	6ab9164c74	s3:rpc_client: send a dcerpc_sec_verification_trailer if needed ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 7 02:24:42 CET 2014 on sn-devel-104	2014-01-07 02:24:41 +01:00
Stefan Metzmacher	f0532fe0cd	s3:rpc_client: fill alloc_hint with the remaining data not the total data. ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 00:27:12 +01:00
Stefan Metzmacher	523d616268	s3:rpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN ... If the backend supports it there's no reason to avoid it. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 00:27:11 +01:00
Stefan Metzmacher	61bdbc23cd	s3:rpc_client: implement DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 00:27:11 +01:00
Stefan Metzmacher	f7bf7e705e	s3:rpc_client: handle DCERPC_AUTH_TYPE_SCHANNEL as any other gensec backend ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 00:27:11 +01:00
Stefan Metzmacher	4d3376e919	s3:rpc_client: add some const to rpc_api_pipe_req_send() ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 00:27:11 +01:00
Stefan Metzmacher	946e29dbc1	s3:rpc_client: make rpc_api_pipe_req_send/recv static ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 00:27:11 +01:00
Stefan Metzmacher	5b39a351a8	s3:rpc_client: talloc_zero pipe_auth_data ... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2014-01-07 00:27:11 +01:00