summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s3:rpcclient: make use of trust_pw_change()Stefan Metzmacher2014-01-071-5/+5
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libsmb: add trust_pw_change()Stefan Metzmacher2014-01-072-0/+187
| | | | | | | | | This protects the password change using a domain specific g_lock, so multiple parts 'net rpc', 'rpcclient', 'winbindd', 'wbinfo --change-secret' even on multiple cluster nodes doesn't race anymore. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:net_rpc: add net_context->netlogon_credsStefan Metzmacher2014-01-072-0/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: make use of rpcclient_netlogon_creds instead of ↵Stefan Metzmacher2014-01-071-5/+17
| | | | | | | cli->netlogon_creds Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: remove unused rpccli_netlogon_setup_creds() from ↵Stefan Metzmacher2014-01-071-20/+1
| | | | | | | | | cmd_netlogon_database_redo() rpccli_netlogon_setup_creds() is already called in the main do_cmd() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: add rpcclient_netlogon_credsStefan Metzmacher2014-01-072-0/+4
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpcclient: add rpcclient_msg_ctxStefan Metzmacher2014-01-072-0/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use rpccli_{create,setup}_netlogon_creds() in ↵Stefan Metzmacher2014-01-072-103/+66
| | | | | | | cli_rpc_pipe_open_schannel() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libnet: use rpccli_{create,setup}_netlogon_creds() in ↵Stefan Metzmacher2014-01-071-15/+51
| | | | | | | libnet_join_joindomain_rpc_unsecure Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libnet_join: make use of rpccli_{create,setup}_netlogon_creds()Stefan Metzmacher2014-01-073-33/+86
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_domain: make use of rpccli_netlogon_network_logon()Stefan Metzmacher2014-01-071-14/+22
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_domain: make use of rpccli_{create,setup}_netlogon_creds()Stefan Metzmacher2014-01-071-51/+85
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:auth_domain: simplify connect_to_domain_password_server()Stefan Metzmacher2014-01-071-19/+12
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds()Stefan Metzmacher2014-01-073-52/+77
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: call rpccli_pre_open_netlogon_creds() in the parentStefan Metzmacher2014-01-071-0/+8
| | | | | | | This opens the CLEAR_IF_FIRST tdb in the long living parent. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_netlogon_password_logon()Stefan Metzmacher2014-01-072-0/+141
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_netlogon_network_logon()Stefan Metzmacher2014-01-072-0/+117
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon_ex()Stefan Metzmacher2014-01-072-39/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_pre_open_netlogon_creds()Stefan Metzmacher2014-01-072-0/+22
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: add rpccli_{create,setup}_netlogon_creds()Stefan Metzmacher2014-01-072-0/+121
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: use netlogon_creds_cli_auth_level() in ↵Stefan Metzmacher2014-01-075-8/+5
| | | | | | | | | | cli_rpc_pipe_open_schannel_with_key() This means the auth level is now based on the "winbindd sealed pipes" option, defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: make use of the new netlogon_creds_cli_contextStefan Metzmacher2014-01-0712-598/+250
| | | | | | | | | | | | | | | This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds and lets the secure channel session state be stored in node local database. This is the proper fix for a large number of bugs: https://bugzilla.samba.org/show_bug.cgi?id=6563 https://bugzilla.samba.org/show_bug.cgi?id=7944 https://bugzilla.samba.org/show_bug.cgi?id=7945 https://bugzilla.samba.org/show_bug.cgi?id=7568 https://bugzilla.samba.org/show_bug.cgi?id=8599 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* docs-xml: update 'winbind sealed pipes' descriptionStefan Metzmacher2014-01-071-3/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:winbindd: make use of the "winbind sealed pipes" option for all connectionsStefan Metzmacher2014-01-072-3/+20
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* docs-xml: explain the interaction of 'client schannel' with 'require strong ↵Stefan Metzmacher2014-01-071-0/+5
| | | | | | | key = yes' Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* docs-xml: explain the interaction between security = ads and other options.Stefan Metzmacher2014-01-071-1/+4
| | | | | | | It implies 'require strong key = yes' and 'client schannel = yes'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: make use of real options in netlogon_creds_cli_context_global()Stefan Metzmacher2014-01-071-15/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:param: set Globals.bRequireStrongKey = trueStefan Metzmacher2014-01-071-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/param: add "require strong key" option, defaulting to trueStefan Metzmacher2014-01-074-0/+38
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/param: add "reject md5 servers" option, defaulting to falseStefan Metzmacher2014-01-073-0/+33
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/param: add "neutralize nt4 emulation" option, defaulting to falseStefan Metzmacher2014-01-073-0/+29
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:param: set Globals.bWinbindSealedPipes = trueStefan Metzmacher2014-01-071-0/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: use unique key_name values in netlogon_creds_cli_context_common()Stefan Metzmacher2014-01-071-10/+48
| | | | | | | | | | | | | | | | | Until all callers are fixed to pass the same 'server_computer' value, we try to calculate a server_netbios_name and use this as unique identifier for a specific domain controller. Otherwise winbind would use 'hostname.example.com' while 'net rpc testjoin' would use 'HOSTNAME', which leads to 2 records in netlogon_creds_cli.tdb for the same domain controller. Once all callers are fixed we can think about reverting this commit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: add netlogon_creds_cli* infrastructureStefan Metzmacher2014-01-073-0/+2738
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This provides an abstraction to hide netlogon_creds_CredentialState, which is stored in a node local tdb. Where the global state (netlogon_creds_CredentialState) between client and server was only kept in memory (on the client side), we now use the abstracted netlogon_creds_cli_context. We now use a node specific computer name in order to establish individual netlogon sessions per node. If the caller wants to use some netlogon calls with credential chain (struct netr_Authenticator), netlogon_creds_cli_lock*() is used to get the current netlogon_creds_CredentialState in a g_lock'ed fashion, a talloc_free() will release the lock. The locking is needed as there might be more than one process (multiple winbindd child, cmdline tools) which want to talk to a specific domain controller. The usage of netlogon_creds_CredentialState needs to be serialized as it uses sequence numbers. LogonSamLogonEx doesn't use the credential chain, but for some operations it needs the global session in order to de/encrypt individual fields. It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate() functions, which just make sure the session hasn't changed between get and validate. This is prepares the proper fix for a large number of bugs: https://bugzilla.samba.org/show_bug.cgi?id=6563 https://bugzilla.samba.org/show_bug.cgi?id=7944 https://bugzilla.samba.org/show_bug.cgi?id=7945 https://bugzilla.samba.org/show_bug.cgi?id=7568 https://bugzilla.samba.org/show_bug.cgi?id=8599 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:librpc: remove recv_data from transportGregor Beck2014-01-074-22/+6
| | | | | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 7 12:42:32 CET 2014 on sn-devel-104
* s4:librpc: factor out xxx_send_request() to dcerpc_send_request()Gregor Beck2014-01-074-249/+156
| | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: factor out xxx_send_read() to dcerpc_send_read()Gregor Beck2014-01-074-187/+95
| | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: factor out xxx_shutdown_pipe() to dcerpc_shutdown_pipe()Gregor Beck2014-01-074-78/+59
| | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: factor out xxx_dead() to dcerpc_transport_dead()Gregor Beck2014-01-074-132/+93
| | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: remove server_name from transportGregor Beck2014-01-075-65/+7
| | | | | | Signed-off-by: Gregor Beck <gbeck@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: make 'struct dcerpc_pipe_connect' privateStefan Metzmacher2014-01-072-11/+10
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: remove unused dcerpc_smb2.cStefan Metzmacher2014-01-072-551/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: implement dcerpc_pipe_open_smb2() in dcerpc_smb.cStefan Metzmacher2014-01-073-8/+48
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: make use of dcerpc_pipe_open_smb_send/recv for SMB2Stefan Metzmacher2014-01-071-4/+29
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: pass dcecli_connection instead of dcerpc_pipe to ↵Stefan Metzmacher2014-01-073-4/+4
| | | | | | | dcerpc_secondary_smb_send() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: use dcerpc_binding_dup() instead of talloc_reference()Stefan Metzmacher2014-01-073-7/+9
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: pass smbXcli_{conn,session,tcon} to dcerpc_pipe_open_smb_send()Stefan Metzmacher2014-01-073-37/+98
| | | | | | | This will allow it to be used also for smb2 later. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: don't talloc_reference smbcli_treeStefan Metzmacher2014-01-071-6/+1
| | | | | | | | It's the job of the caller to make sure it stays for the whole lifetime of the connection. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: keep smbcli_tree/smb2_tree as talloc child of dcecli_connectionStefan Metzmacher2014-01-071-2/+2
| | | | | | | This will avoid the need of talloc_reference later. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:librpc: use tstream_smbXcli_np in dcerpc_smb.cGregor Beck2014-01-071-341/+321
| | | | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
generated by cgit (git 2.34.1) at 2025-09-27 07:55:56 +0000