Commit message | Author | Age | Files | Lines
...
* s3:rpc_client: finally remove unused rpc_pipe_client->netlogon_creds | Stefan Metzmacher | 2014-01-07 | 2 | -12/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon() | Stefan Metzmacher | 2014-01-07 | 2 | -106/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_sam_logon() | Stefan Metzmacher | 2014-01-07 | 2 | -133/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_setup_creds() | Stefan Metzmacher | 2014-01-07 | 2 | -100/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_set_trust_password() | Stefan Metzmacher | 2014-01-07 | 2 | -58/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make cli_rpc_pipe_open_schannel() more flexible | Stefan Metzmacher | 2014-01-07 | 4 | -12/+21
    It expects a messaging_context now and returns a netlogon_creds_cli_context.
    This way we can finally avoid having a rpc_pipe_client->netlogon_creds.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of rpccli_netlogon_network_logon() | Stefan Metzmacher | 2014-01-07 | 1 | -13/+15
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: make use of rpccli_netlogon_password_logon() in the 'samlogon' cmd | Stefan Metzmacher | 2014-01-07 | 1 | -3/+8
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: remove optional auth_level parameter of the 'samlogon' cmd | Stefan Metzmacher | 2014-01-07 | 1 | -7/+4
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: give errors and clean up correctly after failing to obtain secret | Garming Sam | 2014-01-07 | 1 | -0/+6
    Signed-off-by: Garming Sam <garming@catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: make use of rpccli_{create,setup}_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 1 | -18/+41
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libnet: pass in struct netlogon_creds_cli_context from the caller. | Stefan Metzmacher | 2014-01-07 | 3 | -1/+3
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libsmb: remove unused trust_pw_find_change_and_store_it() | Stefan Metzmacher | 2014-01-07 | 2 | -84/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of trust_pw_change() in _wbint_ChangeMachineAccount() | Stefan Metzmacher | 2014-01-07 | 1 | -28/+7
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of trust_pw_change() for periodic password changes | Stefan Metzmacher | 2014-01-07 | 1 | -8/+8
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: use invalidate_cm_connection() to kill the netlogon connection | Stefan Metzmacher | 2014-01-07 | 1 | -1/+1
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:net_rpc: make use of trust_pw_change() | Stefan Metzmacher | 2014-01-07 | 1 | -1/+5
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: make use of trust_pw_change() | Stefan Metzmacher | 2014-01-07 | 1 | -5/+5
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libsmb: add trust_pw_change() | Stefan Metzmacher | 2014-01-07 | 2 | -0/+187
    This protects the password change using a domain specific g_lock,
    so multiple parts 'net rpc', 'rpcclient', 'winbindd', 'wbinfo --change-secret'
    even on multiple cluster nodes don't race anymore.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:net_rpc: add net_context->netlogon_creds | Stefan Metzmacher | 2014-01-07 | 2 | -0/+2
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: make use of rpcclient_netlogon_creds instead of cli->netlogon_creds | Stefan Metzmacher | 2014-01-07 | 1 | -5/+17
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: remove unused rpccli_netlogon_setup_creds() from cmd_netlogon_database_redo() | Stefan Metzmacher | 2014-01-07 | 1 | -20/+1
    rpccli_netlogon_setup_creds() is already called in the main do_cmd()
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: add rpcclient_netlogon_creds | Stefan Metzmacher | 2014-01-07 | 2 | -0/+4
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: add rpcclient_msg_ctx | Stefan Metzmacher | 2014-01-07 | 2 | -0/+6
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use rpccli_{create,setup}_netlogon_creds() in cli_rpc_pipe_open_schannel() | Stefan Metzmacher | 2014-01-07 | 2 | -103/+66
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libnet: use rpccli_{create,setup}_netlogon_creds() in libnet_join_joindomain_rpc_unsecure | Stefan Metzmacher | 2014-01-07 | 1 | -15/+51
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libnet_join: make use of rpccli_{create,setup}_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 3 | -33/+86
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_domain: make use of rpccli_netlogon_network_logon() | Stefan Metzmacher | 2014-01-07 | 1 | -14/+22
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_domain: make use of rpccli_{create,setup}_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 1 | -51/+85
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_domain: simplify connect_to_domain_password_server() | Stefan Metzmacher | 2014-01-07 | 1 | -19/+12
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 3 | -52/+77
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: call rpccli_pre_open_netlogon_creds() in the parent | Stefan Metzmacher | 2014-01-07 | 1 | -0/+8
    This opens the CLEAR_IF_FIRST tdb in the long living parent.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_netlogon_password_logon() | Stefan Metzmacher | 2014-01-07 | 2 | -0/+141
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_netlogon_network_logon() | Stefan Metzmacher | 2014-01-07 | 2 | -0/+117
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon_ex() | Stefan Metzmacher | 2014-01-07 | 2 | -39/+0
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_pre_open_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 2 | -0/+22
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_{create,setup}_netlogon_creds() | Stefan Metzmacher | 2014-01-07 | 2 | -0/+121
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use netlogon_creds_cli_auth_level() in cli_rpc_pipe_open_schannel_with_key() | Stefan Metzmacher | 2014-01-07 | 5 | -8/+5
    This means the auth level is now based on the "winbindd sealed pipes" option,
    defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make use of the new netlogon_creds_cli_context | Stefan Metzmacher | 2014-01-07 | 12 | -598/+250
    This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds
    and lets the secure channel session state be stored in node local database.
    This is the proper fix for a large number of bugs:
    https://bugzilla.samba.org/show_bug.cgi?id=6563
    https://bugzilla.samba.org/show_bug.cgi?id=7944
    https://bugzilla.samba.org/show_bug.cgi?id=7945
    https://bugzilla.samba.org/show_bug.cgi?id=7568
    https://bugzilla.samba.org/show_bug.cgi?id=8599
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* docs-xml: update 'winbind sealed pipes' description | Stefan Metzmacher | 2014-01-07 | 1 | -3/+3
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of the "winbind sealed pipes" option for all connections | Stefan Metzmacher | 2014-01-07 | 2 | -3/+20
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* docs-xml: explain the interaction of 'client schannel' with 'require strong key = yes' | Stefan Metzmacher | 2014-01-07 | 1 | -0/+5
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* docs-xml: explain the interaction between security = ads and other options. | Stefan Metzmacher | 2014-01-07 | 1 | -1/+4
    It implies 'require strong key = yes' and 'client schannel = yes'.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: make use of real options in netlogon_creds_cli_context_global() | Stefan Metzmacher | 2014-01-07 | 1 | -15/+3
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:param: set Globals.bRequireStrongKey = true | Stefan Metzmacher | 2014-01-07 | 1 | -0/+1
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/param: add "require strong key" option, defaulting to true | Stefan Metzmacher | 2014-01-07 | 4 | -0/+38
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/param: add "reject md5 servers" option, defaulting to false | Stefan Metzmacher | 2014-01-07 | 3 | -0/+33
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/param: add "neutralize nt4 emulation" option, defaulting to false | Stefan Metzmacher | 2014-01-07 | 3 | -0/+29
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:param: set Globals.bWinbindSealedPipes = true | Stefan Metzmacher | 2014-01-07 | 1 | -0/+1
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: use unique key_name values in netlogon_creds_cli_context_common() | Stefan Metzmacher | 2014-01-07 | 1 | -10/+48
    Until all callers are fixed to pass the same 'server_computer' value,
    we try to calculate a server_netbios_name and use this as unique identifier
    for a specific domain controller.
    Otherwise winbind would use 'hostname.example.com' while 'net rpc testjoin'
    would use 'HOSTNAME', which leads to 2 records in netlogon_creds_cli.tdb
    for the same domain controller.
    Once all callers are fixed we can think about reverting this commit.
    Signed-off-by: Stefan Metzmacher <metze@samba.org>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>