summaryrefslogtreecommitdiff
path: root/source3/include/rpc_netlogon.h
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r13399: Get closer to passing RPC-SCHANNEL test.Jeremy Allison1-0/+51
Jeremy. (This used to be commit 8ae70122b79fbe682c227ec2c4e5a72bf58d76de)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-2/+11
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r12096: Change uint32_t to uint32. Jerry, please pick this change up forJeremy Allison1-1/+1
3.0.21 final. Jeremy. (This used to be commit 2b17e08d290dd7c629145d87c72f7fbd7f47b67d)
2007-10-10r11853: Add Dsr_GetSiteName (handy for experimenting with GPOs).Günther Deschner1-0/+15
Guenther (This used to be commit c54430a7b5e40d3bdf8afdc813eb722c0a3b861e)
2007-10-10r11706: Implement dsr_getdcname client code. It's handy: It not only gives ↵Volker Lendecke1-0/+34
you the IP address but also the fqdn of the remote dc and site info. Volker (This used to be commit 62d01ce7e6c14971084c208ab61f379cb172cb22)
2007-10-10r11573: Adding Andrew Bartlett's patch to make machine accountJeremy Allison1-0/+3
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes the auth module interface to 2 (from 1). The effect of this is that clients can access resources as a machine account if they set these flags. This is the same as Windows (think of a VPN where the vpn client authenticates itself to a VPN server using machine account credentials - the vpn server checks that the machine password was valid by performing a machine account check with the PDC in the same was as it would a user account check. I may add in a restriction (parameter) to allow this behaviour to be turned off (as it was previously). That may be on by default. Andrew Bartlett please review this change carefully. Jeremy. (This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-179/+106
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-1/+12
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r6232: more cleanups; remove BUFFER3; rename BUFFER4 -> RPC_DATA_BLOB; ↵Gerald Carter1-7/+7
rename REG_CREATE_VALE -> REG_SET_VALUE (This used to be commit 28d433351cf813c7fb57ebac0e0f4973c85f73e8)
2007-10-10r4946: Our notion the other_sids in the info3 SamLogon struct wasVolker Lendecke1-2/+1
...hmmm... completely bogus. This does not affect us as a domain controller, as we never set other_sids, but I have *no* idea how winbind got away with it. Please review thoroughly, samba4 idl looks closer to reality here. Test case: Member of w2k3 domain, authenticate as a user who is member of one or more domain local groups. Easiest review with 'client schannel = no'. Thanks, Volker (This used to be commit a0a6388830d9457de3e42686c64bddeba42954f8)
2007-10-10r4287: Vampire SAM_DELTA_DOMAIN_INFO.Günther Deschner1-5/+42
Based on samba4-idl. The decoding of account-lockout-string is somewhat experimental though. Guenther (This used to be commit 721bf50d7446b8ce18bc1d45e17d4214d5a43d26)
2007-10-10r4286: Give back 8 byte lm_session_key in Netrsamlogon-reply.Günther Deschner1-1/+3
The old #ifdef JRATEST-block was copying 16 bytes and thus overwriting acct_flags with bizarre values, breaking a lot of things. This patch is successfully running in a production environment for quite some time now and is required to finally allow Exchange 5.5 to access another Exchange Server when both are running on NT4 in a samba-controlled domain. This also allows Exchange Replication to take place, Exchange Administrator to access other Servers in the network, etc. Fixes Bugzilla #1136. Thanks abartlet for helping me with that one. Guenther (This used to be commit bd4c5125d6989cebc90152a23e113b345806c660)
2007-10-10r1283: Fix typoVolker Lendecke1-1/+1
(This used to be commit 3af4348fafd4c71513dfc50a86ef17b08a98caaf)
2007-10-10r991: Allow winbindd to use the domain trust account passwordGerald Carter1-7/+35
for setting up an schannel connection. This solves the problem of a Samba DC running winbind, trusting a native mode AD domain, and needing to enumerate AD users via wbinfo -u. (This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
2004-04-02Implement NETLOGON GetDCName client side. You can ask a DC for the name ofVolker Lendecke1-0/+20
a DC it trusts. Volker (This used to be commit ae6840320ff47827c2817549fe3133a57e3fe77f)
2003-03-24(merge from HEAD)Andrew Bartlett1-1/+1
NTLM Authentication: - Add a 'privileged' mode to Winbindd. This is achieved by means of a directory under lockdir, that the admin can change the group access for. - This mode is now required to access with 'CRAP' authentication feature. - This *will* break the current SQUID helper, so I've fixed up our ntlm_auth replacement: - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a challenge. - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5 servers. - Tested - works for Win2k clients, but not Win9X at present. NTLMSSP updates are needed. - Now uses fgets(), not x_fgets() to cope with Squid environment (I think somthing to do with non-blocking stdin). - Add much more robust connection code to wb_common.c - it will not connect to a server of a different protocol version, and it will automatically try and reconnect to the 'privileged' pipe if possible. - This could help with 'privileged' idmap operations etc in future. - Add a generic HEX encode routine to util_str.c, - fix a small line of dodgy C in StrnCpy_fn() - Correctly pull our 'session key' out of the info3 from th the DC. This is used in both the auth code, and in for export over the winbind pipe to ntlm_auth. - Given the user's challenge/response and access to the privileged pipe, allow external access to the 'session key'. To be used for MSCHAPv2 integration. Andrew Bartlett (This used to be commit ec071ca3dcbd3881dc08e6a8d7ac2ff0bcd57664)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-94/+99
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-12decoded SAM_DELTA 0x0e and 0x12.Jean-François Micouleau1-0/+59
One is an entry for the trusted domains The other is an entry for the trusting domains They are pretty basic, I'll improve them. J.F. (This used to be commit 8d359e62138aa327cb00875dc446234ce4be6f02)
2001-12-12a ugly decoder for SAM_DELTA_DOM_INFO (0x0d)Jean-François Micouleau1-3/+88
a correct decoder for SAM_PRIVS_INFO (0x10) this code is totally useless right now, it's just fun to decode those and will save tpot some time. J.F. (This used to be commit 314b675ed9ebacba9db25938c43cfa304462ebe2)
2001-09-30Make header comment clearer, these are RIDs, not UIDs.Andrew Bartlett1-2/+3
(This used to be commit 663c1c91bdd020e2e8266d25909db12b28fbb7d8)
2001-09-22These are RIDs not Unix UIDs so make this clear in the feild names.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit d1bc778301b31d77fdc3837ec3cff24ce37adcd7)
2001-09-04the next stage in the NTSTATUS/WERROR change. smbd and nmbd now compile, but ↵Andrew Tridgell1-8/+5
the client code still needs some work (This used to be commit dcd6e735f709a9231860ceb9682db40ff26c9a66)
2001-08-28Merge of SAM delta type constants and BDC replication types from TNG.Tim Potter1-0/+282
(This used to be commit 73eeaadbe212989b5c1b2e494500e9618c3f3a5e)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell1-12/+10
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-05-24Added structures for LOGON_CTRL rpc.Tim Potter1-21/+55
Make proto. (This used to be commit 0650f87000dcf5572f3a8d61ab93760d94eee770)
2001-04-23Fix "proc num out of range" error. Missing rpc call.Jeremy Allison1-2/+17
Jeremy. (This used to be commit 6248fb22926d72fddaecad5af117af1bdd08fda3)
2001-02-24This patch (donated by Marc Jacobsen of HP) should make Sun and HP very ↵Jeremy Allison1-14/+45
happy :-). Probably Veritas too... :-). It allows Samba as a domain member to authenticate against an AS/U server such as the older HP PDC product or PD Netlink. It does this by trying a netlogon with info level 3 and then falling back to info level 2 if the PDC returns invalid info level. Jeremy. (This used to be commit bda1d6d4a4b3d2cfc260549280a2ce3e57fd0f86)
2000-10-10a netlogon enum trust query doesn't have a function_code at end.Jean-François Micouleau1-2/+0
a sam_user_info_24 doesn't have a uint16 at end samr_create_user also creates the unix account now samr_set_userinfo changes the password. J.F. (This used to be commit 94f4024481fcd0cb6647af1bd4364033be020641)
2000-09-06Fix for the SID history problem when using a Win2k domain controllerJeremy Allison1-1/+4
with security=domain. Also fixed to dynamically allocate the SIDs and GIDs. Jeremy. (This used to be commit 2b1f66eb82f05fe0b85ac5b4916e32847b8de675)
2000-06-09dynamic allocation of NET_USER_INFO_3 gids.Luke Leighton1-2/+2
jeremy, the intent is to call se_access_check() with usr-sid, grp-sid, array-of-group-rids (but array-of-group-sids would do). please do look at smbd/lanman.c's api_NetWkstaGetInfo, it will show you that we really do need to store the entire NET_USER_INFO_3 structure. then again, api_NetWkstaGetInfo is only used by win9x so who cares :) (This used to be commit bd34f652390adc32c4959d164c628687f526d977)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-290/+34
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-01damn, that took a while. nt login password was being stored incorrectlyLuke Leighton1-2/+2
in private .mac file (oops). ntlogin test now works. (This used to be commit c98c66690683965612e9631d77c2dff91ec8a872)
1999-11-16attempting to get nt5 wksta to join domain.Luke Leighton1-1/+1
1) had to fix samr "create user" and "set user info" (level 23). 2) had to fix netlogon enum trust domains 3) registry key needed \\ in it not \. (This used to be commit 70b2c1ecbb4fbbb86fea676c80754485aae5ab13)
1999-11-16Changes to implement NET_AUTH based on NET_AUTH2, to get Win2000Richard Sharpe1-2/+17
happier in joining a Samba domain. (This used to be commit 70274b5253182f3541584ecd844f07376a3d3df9)
1999-07-22BDC support.Matthew Chapman1-6/+4
Fixing and clarifying SAM_PWD structure. (This used to be commit 8e36b07a0e8e7ea8b72e1b9e3b747795b2685e85)
1999-07-21BDC support.Luke Leighton1-2/+21
(This used to be commit 2331aa32ab36c3ee5fd8cfbe972e57299939e33d)
1999-06-02Some more BDC-related fixes, mainly to the NET_SAM_SYNC RPC with respectMatthew Chapman1-20/+30
to alignment, missing fields, etc. - it should now work correctly. There is still the problem of decoding the private data field. (This used to be commit c3c25e762fbc30d5663323f23449c913f2ce4b0e)
1999-04-08Mainly BDC-related changes.Matthew Chapman1-2/+244
* Added SEC_CHAN_BDC * Fix for endianness problem reported by Edan Idzerda <edan@mtu.edu>. A BUFFER2 is really a "unibuf" in my terminology and we should treat it as such. * Added some more common NT structures (BIGINT, BUFHDR2, BUFFER4). * Added NET_SAM_SYNC (-> NetDatabaseSync2) RPC for account replication. Still experimental and incomplete, with a few too many NULL security descriptors lying around (must go look at Jeremy's SD code). Haven't worked out password encryption yet either. However, the XXX_INFO structures I've added to rpc_netlogon.h are quite nice as they give some insight into how these objects are stored in the SAM. (This used to be commit 74d6dec25d6b44e26d3895f789f1958d5f4639ee)
1998-04-29This is the checkin that adds the security=domain functionality.Jeremy Allison1-0/+3
WARNING - so far this has only been tested against a Samba PDC (still waiting for IS to add me the machine accounts :-). Still missing is the code in smbpasswd that will add a machine account password and change it on the domain controller, but this is not hard, and I will check it in soon. Jeremy. (This used to be commit 17b94a7084621b3f0106dd4d3386f05cdfc56d19)
1998-03-24clientgen.c ipc.c smbpasswd.c: Fixes for warnings (from Herb).Jeremy Allison1-2/+2
quotas.c: Linux quota fix. util.c: Ensure smb_read_error is zero in all calls that can set it. lib/rpc/include/rpc_misc.h lib/rpc/include/rpc_netlogon.h lib/rpc/parse/parse_misc.c lib/rpc/parse/parse_net.c lib/rpc/server/srv_netlog.c : Modify Luke's code to call SamOEMhash(). Jeremy. (This used to be commit 7f749708383b8b36c3f23a5fbc5cbdf39bc8e555)
1998-03-11"For I have laboured mightily on Luke's code, and hath brokenJeremy Allison1-0/+372
all I saw" - the book of Jeremy, chapter 1 :-). So here is the mega-merge of the NTDOM branch server code. It doesn't include the new client side pieces, we'll look at that later. This should give the same functionality, server wise, as the NTDOM branch does, only merged into the main branch. Any fixes to domain controler functionality should be added to the main branch, not the NTDOM branch. This code compiles without warnings on gcc2.8, but will need further testing before we are sure all the working functionality of the NTDOM server branch has been correctly carried over. I hereby declare the server side of the NTDOM branch dead (and all who sail in her :-). Jeremy. (This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)