path: root/source4/rpc_server/netlogon
Commit message | Author | Age | Files | Lines
* s4:rpc_server/netlogon: fix bugs in dcesrv_netr_DsRGetDCNameEx2() | Stefan Metzmacher | 2015-01-26 | 1 | -8/+14
  We should return our ip address the client is connected to.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* idl: Merge NETR_TRUST and LSA_TRUST definitions into one set only in lsa.idl | Andrew Bartlett | 2014-09-27 | 1 | -3/+4
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-netlogond: Give a better error if we do not have a flatname attribute | Andrew Bartlett | 2014-09-01 | 1 | -0/+2
  Change-Id: I3bc283b6fab4326131084d1abb89cb486af7b35a
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Sep 1 02:58:46 CEST 2014 on sn-devel-104
* s4:rpc_server/netlogon: keep a global challenge table | Stefan Metzmacher | 2014-07-19 | 1 | -4/+87
  Some clients call netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different connections. This works against Windows DCs as they have a global challenge table.
  A VMware provisioning task for Windows VMs seems to rely on this behavior.
  As a fallback we're storing the challenge in a global memcache with a fixed size. This should allow these strange clients to work against a Samba AD DC.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10723
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server/netlogon: explicitly use dcerpc_binding_handle_set_sync_ev() for irpc | Andrew Bartlett | 2014-05-13 | 1 | -0/+6
  This indicates that we're using nested event loops...
  Andrew Bartlett
  Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
  Change-Id: I4dcc7bf3c624612980e53b6119a60989fc2ea3b6
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Put password lockout support in samdb_result_passwords() | Andrew Bartlett | 2014-04-02 | 1 | -6/+6
  This seems to be the best choke point to check for locked out accounts, as aside from the KDC, all the password authentication and change callers use it.
  Andrew Bartlett
  Change-Id: I0f21a79697cb8b08ef639445bd05a896a2c9ee1b
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:rpc_server/netlogon: return a zero return_authenticator and rid on error | Stefan Metzmacher | 2014-01-22 | 1 | -4/+8
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:netlogon: implement "allow nt4 crypto" and "reject md5 clients" features. | Stefan Metzmacher | 2014-01-07 | 1 | -0/+20
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Jan 7 16:53:31 CET 2014 on sn-devel-104
* s4:netlogon: don't generate a debug message for SEC_CHAN_NULL. | Stefan Metzmacher | 2014-01-07 | 1 | -0/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:netlogon: correctly calculate the negotiate_flags | Stefan Metzmacher | 2014-01-07 | 1 | -31/+28
  We need to bit-wise AND the client and server flags.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb: Move cldap netlogon functions into samdb/ldb_modules | Benjamin Franzke | 2013-11-11 | 1 | -1/+1
  As netlogon is handled by the samdb now, the corresponding functions should live there as well.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* s4-netlogon: honor DS_RETURN_DNS_NAME flag | Matthieu Patou | 2013-08-06 | 1 | -0/+9
  Reviewed-By: Andrew Bartlett <abarlett@samba.org>
* s4-netlogon: do not add \\ it has already been done in the fill_netlogon_samlogon_response | Matthieu Patou | 2013-08-06 | 1 | -1/+3
  Reviewed-By: Andrew Bartlett <abarlett@samba.org>
* s4:netlogon: make use of netlogon_creds_decrypt_samlogon_logon() | Stefan Metzmacher | 2013-08-05 | 1 | -22/+6
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4-rpc_server: use netlogon_creds_encrypt_samlogon(). | Günther Deschner | 2012-12-16 | 1 | -34/+3
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Günther Deschner <gd@samba.org>
  Autobuild-Date(master): Sun Dec 16 01:34:01 CET 2012 on sn-devel-104
* s4-rpc_server: support AES encryption in interactive and generic samlogon. | Günther Deschner | 2012-12-09 | 1 | -5/+23
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server. | Günther Deschner | 2012-12-09 | 1 | -1/+6
  Guenther
  Signed-off-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* netlogon: Per MS-NRPC, don't send unknown workstation flags back to the | Jelmer Vernooij | 2012-09-26 | 1 | -1/+2
  client.
* s4:rpc_server/netlogon: add support for AES based netlogon schannel | Stefan Metzmacher | 2012-07-17 | 1 | -0/+4
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for it | Stefan Metzmacher | 2012-07-17 | 1 | -26/+31
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4:rpc_server/netlogon: implement netr_LogonGetCapabilities | Stefan Metzmacher | 2012-07-17 | 1 | -2/+20
  This is also needed to support AES.
  metze
  Signed-off-by: Günther Deschner <gd@samba.org>
* s4-netlogond: Fix use of uninitialised value dns_name | Andrew Bartlett | 2012-02-27 | 1 | -19/+8
  The GET_CHECK_STR macro (now unrolled) did not initialise the trusts->array[n].dns_name when the value was not set.
  New tests for our trusted domains code create domain trusts without a DNS domain name.
  Found by the autobuild flakey build detector.
  Andrew Bartlett
* s4:netlogon RPC server - dcesrv_netr_DsRGetSiteName - add a small explanation | Matthias Dieter Wallnöfer | 2011-12-23 | 1 | -0/+5
  NETLOGON pipe is only thought for DCs.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:netlogon RPC server - DsRGetDcNameEx - set the DNS name flags correctly | Matthias Dieter Wallnöfer | 2011-11-27 | 1 | -0/+14
  The rules are explained in MS-NRPC 2.2.1.2.1.
  Patch inspired by Matthieu Patou.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4-netlogon: return WERR_NO_SUCH_DOMAIN instead of WERR_DS_UNAVAILABLE if we are unable to translate the domain to a dn | Matthieu Patou | 2011-11-27 | 1 | -1/+1
  Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
* libcli/auth: Provide a struct loadparm_context to schannel calls | Andrew Bartlett | 2011-10-13 | 1 | -3/+3
  This will allow us to pass this down to the tdb_wrap layer.
  Andrew Bartlett
* s4-ipv6: fill in pdc_ip in DsRGetDCNameEx2 | Andrew Tridgell | 2011-06-08 | 1 | -3/+12
  this may be different from the CLDAP response, as it can be IPv6
  Autobuild-User: Andrew Tridgell <tridge@samba.org>
  Autobuild-Date: Wed Jun 8 06:07:29 CEST 2011 on sn-devel-104
* s4-auth Rename auth -> auth4 to avoid conflict with s3 auth | Andrew Bartlett | 2011-05-08 | 1 | -1/+1
* s4-rpc: improved error mapping for several RPC server calls | Andrew Tridgell | 2011-04-04 | 1 | -1/+1
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
* s4:netlogon RPC server - "LogonGetDomainInfo" - check for NULL attributes | Matthias Dieter Wallnöfer | 2011-03-01 | 1 | -17/+29
  This is needed to complete the transition from "samdb_msg_add_string" to "ldb_msg_add_string". And this patch yields better NTSTATUS error results than before (INVALID_PARAMETER rather than OUT_OF_MEMORY).
  Reviewed-by: Jelmer
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Tue Mar 1 14:42:15 CET 2011 on sn-devel-104
* Fix some types | Jelmer Vernooij | 2011-02-28 | 1 | -3/+3
  Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
* s4-auth Rework auth subsystem to remove struct auth_serversupplied_info | Andrew Bartlett | 2011-02-09 | 1 | -7/+7
  This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is maintained into the struct session_info.
  The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results.
  Andrew Bartlett
* s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check() | Stefan Metzmacher | 2011-02-02 | 1 | -10/+83
  We need to check for invalid parameters before we check for access denied.
  metze
* s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on INVALID_PARAMETER/INFO_CLASS | Stefan Metzmacher | 2011-02-02 | 1 | -2/+3
  metze
* s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid netr_Validation levels | Stefan Metzmacher | 2011-02-02 | 1 | -1/+1
  metze
* s4:netlogon/LogonGetDomainInfo - handle a NULL "dns_hostname" | Matthias Dieter Wallnöfer | 2010-11-19 | 1 | -25/+37
  - Performs the short computer name check against the sam account name.
  - Enhances the LogonGetDomainInfo testsuite which checks the NULL "dns_hostname" behaviour
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Fri Nov 19 12:50:33 CET 2010 on sn-devel-104
* s4:netlogon RPC server - "LogonGetDomainInfo" - always check the LDB return codes | Matthias Dieter Wallnöfer | 2010-10-31 | 1 | -31/+57
  Plus some cosmetic indentation fixes
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Sun Oct 31 19:26:45 UTC 2010 on sn-devel-104
* s4:netlogon RPC server - point out that the "LogonGetDomainInfo" "servicePrincipalName" generation is still needed | Matthias Dieter Wallnöfer | 2010-10-31 | 1 | -0/+4
* s4:dsdb - remove some calls of "samdb_msg_add_string" when we have talloc'ed strings | Matthias Dieter Wallnöfer | 2010-10-24 | 1 | -10/+6
  They can be substituted by "ldb_msg_add_string" if the string was already talloc'ed.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Sun Oct 24 20:03:27 UTC 2010 on sn-devel-104
* s4:rpc_server/netlogon: netr_ServerAuthenticate3 should return NO_TRUST_SAM_ACCOUNT | Stefan Metzmacher | 2010-10-23 | 1 | -8/+8
  If we can't find the account we should return NT_STATUS_NO_TRUST_SAM_ACCOUNT instead of NT_STATUS_ACCESS_DENIED.
  metze
  Autobuild-User: Stefan Metzmacher <metze@samba.org>
  Autobuild-Date: Sat Oct 23 10:05:35 UTC 2010 on sn-devel-104
* s4:rpc_server/netlogon: netr_ServerAuthenticate3 should reject invalid sec_channel_types early | Stefan Metzmacher | 2010-10-23 | 1 | -3/+15
  metze
* s4:rpc_server/netlogon: netr_ServerAuthenticate3 should check the challenge after the account | Stefan Metzmacher | 2010-10-23 | 1 | -5/+5
  metze
* s4:rpc_server/netlogon: fix comment in netr_DsRGetDCName() | Stefan Metzmacher | 2010-10-23 | 1 | -1/+1
  metze
* s4:rpc_server/netlogon: handle DC_RETURN_NETBIOS and DC_RETURN_DNS in netr_DsRGetDCNameEx2() | Stefan Metzmacher | 2010-10-23 | 1 | -3/+28
  metze
* s4:rpc_server/netlogon: validate flags in netr_DsRGetDCNameEx2() and callers | Stefan Metzmacher | 2010-10-23 | 1 | -2/+37
  Thanks to Tarun Chopra for the help of looking up all the bits in the docs.
  metze
* s4:rpc_server/netlogon: netr_GetDcName should return WERR_DCNOTFOUND for invalid names | Stefan Metzmacher | 2010-10-23 | 1 | -0/+19
  Only netbios domain names are allowed.
  metze
* Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c"" | Matthias Dieter Wallnöfer | 2010-10-17 | 1 | -0/+1
  This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0.
  Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
* s4:remove "util_ldb" submodule and integrate the three gendb_* calls in "dsdb/common/util.c" | Matthias Dieter Wallnöfer | 2010-10-17 | 1 | -1/+0
  They're only in use by SAMDB code.
  Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
  Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
* s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", "samdb_result_uint64" and "samdb_result_string" | Matthias Dieter Wallnöfer | 2010-10-15 | 1 | -9/+9
  We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* samdb: Add flags argument to samdb_connect(). | Jelmer Vernooij | 2010-10-10 | 1 | -13/+13