summaryrefslogtreecommitdiff
path: root/source3/include/ntdomain.h
AgeCommit message (Collapse)AuthorFilesLines
2009-05-07s3-auth: use full 16byte session key in make_user_info_netlogon_interactive().Günther Deschner1-1/+1
Patch from Jeremy. With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a Samba 3 Domain. There are still two registry settings required: HKLM\System\CCS\Services\LanmanWorkstation\Parameters DWORD DomainCompatibilityMode = 1 DWORD DNSNameResolutionRequired = 0 Do *not* modify the other netlogon registry parameters that were passed around, they weaken security. Guenther (cherry picked from commit b5097d54cb74ca0ea328f9e029562f65f4a01134)
2009-04-19Make "struct policy" private to srv_lsa_hnd.cVolker Lendecke1-17/+1
2009-03-18s3: remove POLICY_HND.Günther Deschner1-1/+1
Guenther
2009-03-17s3-spoolss: remove unused RPC_BUFFER definition.Günther Deschner1-7/+0
Guenther
2009-02-08Make prs_struct->out_data.current_pdu dynamically allocatedVolker Lendecke1-5/+2
Another 4k per open pipe
2009-02-07Make current_in_pdu in pipes_struct allocatedVolker Lendecke1-1/+1
This makes an open pipe about 4K cheaper
2009-02-01Replace pipe names in pipes_struct by ndr_syntax_idVolker Lendecke1-2/+1
This was mainly used for debugging output
2009-01-08Now that all policy_handle free_fn's are just TALLOC_FREE, dump free_fnVolker Lendecke1-1/+0
2009-01-06Move the "rid_name" typedef to the only place where it might be usedVolker Lendecke1-5/+0
2008-11-24Fix nonempty blank linesVolker Lendecke1-17/+17
2008-11-24Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS!Volker Lendecke1-6/+0
2008-10-13Remove smb_np_structVolker Lendecke1-58/+0
2008-10-13Use "struct files_struct" for pipes instead of smb_np_structVolker Lendecke1-0/+1
2008-07-26make read/write to internal pipes available externallyVolker Lendecke1-8/+6
(This used to be commit e11b5cb1e061caf4c3793fb402ca6bee95a8f26c)
2008-07-26Refactoring: Make close_internal_rpc_pipe_hnd a talloc destructorVolker Lendecke1-9/+0
(This used to be commit 10b47a0c2cfd62489428518112da82f73a52b7bc)
2008-07-26Refactor make_internal_rpc_pipe_p: connection_struct is not neededVolker Lendecke1-2/+5
(This used to be commit defcf0eecfb8eb035d9ca80530720b9e6873f6c7)
2008-07-18Simplify the RPC servers: remove get_pipe_fnsVolker Lendecke1-1/+1
The per-server xxx_get_pipe_fns functions can go once all the RPC servers are converted (This used to be commit 6aa2391cbe1cbda8269ded767117f53d83b243e1)
2008-06-26Remove p->vuidVolker Lendecke1-2/+0
The users can use p->server_info. Now pipes_struct is decoupled from the SMB transport. (This used to be commit d4cf5a131919530317cd457006b4df5af2c69fa7)
2008-06-26Now that we have p->server_info, use p->server_info->user_session_keyVolker Lendecke1-1/+0
(This used to be commit aefad64e3a5c86d2f988d47e6215ed2085b8fc47)
2008-06-26Add server_info to pipes_structVolker Lendecke1-0/+2
(This used to be commit d621867bb8767e1c4236d28dd9294a61db6cbb10)
2008-06-24Remove "conn" from pipes_structVolker Lendecke1-1/+2
For spoolss, we need the client's IP address (This used to be commit 64a4dfaa826cf9319ef3f5c65023352bf8af539e)
2008-06-21Make pipes_struct its own talloc ctxVolker Lendecke1-3/+0
(This used to be commit 829b1ad4697f2f1ea008377d591456722dccd025)
2008-05-05pipes_struct->pipe_user_name is unused, remove itVolker Lendecke1-1/+0
(This used to be commit 32cd4bf34b614f7bb0b05a7ae5d7eb51d208a7c7)
2008-04-14Remove namedpipe_transact fn pointer from smb_np_structVolker Lendecke1-11/+0
(This used to be commit d1f82b7e67a791e19d08c682b607d82ae649feb4)
2008-04-11Remove some write-only fstringsVolker Lendecke1-7/+0
(This used to be commit aacb07b1b0f674b8cb92347ef4b4dd1e7808dde8)
2008-02-15Replace DOM_CHAL with "struct netr_Credential" where we can right now.Günther Deschner1-3/+3
This allows to remove some more old netlogon client calls. Guenther (This used to be commit c0b1a876583230a5130f5df1965d6c742961bcdc)
2007-12-16Make smb_np_struct talloc'edVolker Lendecke1-1/+1
Convert "name" from string to a talloc'ed char * (This used to be commit e82069f921b3a22295db91e092c22c459ccd7215)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-15/+15
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10[GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.Gerald (Jerry) Carter1-1/+9
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
2007-10-10r25118: More pstring elimination.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 7632f8fb4003657591778d2b55f546d1737859d1)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r19218: With the new RPC server infrastructure all backend functions are ↵Volker Lendecke1-0/+6
filled, at least with dummy routines. We need a way to indicate that we do not support a call, so that srv_pipe_hnd.c can return the DCE level RNG_ERROR. This flag can be set in the backend routines for this one. I'll change pidl to generate code to "return False" in srv_lsa.c if this flag is set. Volker (This used to be commit 5260657664caf9546d324a81c392f0d9e8532d58)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-9/+1
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r13553: Fix all our warnings at -O6 on an x86_64 box.Jeremy Allison1-3/+3
Jeremy. (This used to be commit ea82958349a57ef4b7ce9638eec5f1388b0fba2a)
2007-10-10r13407: Change the credentials code to be more like the Samba4 structure,Jeremy Allison1-1/+1
makes fixes much easier to port. Fix the size of dc->sess_key to be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd store in secrets.tdb though. Should fix some uses of the dc->sess_key where we where assuming we could read 16 bytes. Jeremy. (This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
2007-10-10r12046: Fix typoVolker Lendecke1-1/+1
(This used to be commit b9d1a659109daeeb625f3e6caf7ec706ccdde230)
2007-10-10r10722: Remove unused BOOL in struct dcinfo.Jeremy Allison1-1/+0
Ensure that the mach_acct and remote machine entries are set correctly in struct dcinfo - we'll need this as a key for a persistent schannel state later. Jeremy. (This used to be commit 47269b5c7161d740c2e86227de3acd9e08c53817)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-71/+64
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r6014: rather large change set....Gerald Carter1-0/+2
pulling back all recent rpc changes from trunk into 3.0. I've tested a compile and so don't think I've missed any files. But if so, just mail me and I'll clean backup in a couple of hours. Changes include \winreg, \eventlog, \svcctl, and general parse_misc.c updates. I am planning on bracketing the event code with an #ifdef ENABLE_EVENTLOG until I finish merging Marcin's changes (very soon). (This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
2007-10-10r5805: merging spoolss parsing changes from trunk and cleaning up resulting ↵Gerald Carter1-0/+1
segvs (This used to be commit 25121547caaaed0d60f4db7458570c14e7d21b2a)
2007-10-10r2007: Fix typo in Jeremy's copyright. From the output of cvs annotate a yearTim Potter1-1/+1
in the late 1990's may be more appropriate though. (This used to be commit 4c881b7a9e40307710ec860375985dc2145f2dd8)
2007-10-10r1412: Fix password history list in tdbsam. Fix some memory leaks. AddJeremy Allison1-60/+50
my (C) to a header file that was at least 50% mine :-). Jeremy. (This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-0/+16
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2007-10-10r116: volker's patch for local group and group nestingGerald Carter1-7/+0
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-1/+1
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-10-24Add initshutdown pipe commands to rpcclient. Second part of fix to bugJim McDonough1-0/+1
#534 (This used to be commit 4e86243ea1d4bbe96720caaaf02300f5e15bee5a)
2003-08-14Attempt at fixing bug #283. There however is no solution.Gerald Carter1-2/+18
There is a workaround documented in the bug report. This patch does: * add server support for the LSA_DS UUID on the lsarpc pipe * store a list of context_ids/api_structs in the pipe_struct so that we don't have to lookup the function table for a pipe. We just match the context_id. Note that a dce/rpc alter_context does not destroy the previous context so it is possible to have multiple bindings active on the same pipe. Observed from standalone win2k sp4 client. * added server code for DsROleGetPrimaryDOmainInfo() but disabled it since it causes problems enumerating users and groups from a 2ksp4 domain member in a Samba domain. (This used to be commit 96bc2abfcb0dd0912696fad76e43cb217b33e061)
2003-04-16Move PAC decoding over from HEAD.Jim McDonough1-0/+3
(This used to be commit b0fd4e5555dd93c584cd86eaac080663b9e4031f)
2003-04-14Merge of rpcecho pipe for testing large dcerpc requests and responses.Tim Potter1-0/+1
Only compiled in when --enable-developer argument passed to configure. (This used to be commit 017da9393bab276543d0d5c50df8c760780f2450)