summaryrefslogtreecommitdiff
path: root/source3/libnet/libnet_join.c
AgeCommit message (Collapse)AuthorFilesLines
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-09-20s3-util: use shared dom_sid_dup.Günther Deschner1-3/+4
Guenther
2010-08-26s3-build: only include krb5 environment variables where required.Günther Deschner1-0/+1
Guenther
2010-08-25s3-lsa: separate out init_lsa headers.Günther Deschner1-0/+1
Guenther
2010-08-13s3-krb5 Only build ADS support if arcfour-hmac-md5 is availableAndrew Bartlett1-6/+0
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org>
2010-08-12s3-libnet: fix bug #6364: Pull realm from supplied username on libnet joinJim McDonough1-0/+7
2010-08-05s3-secrets: only include secrets.h when needed.Günther Deschner1-1/+1
Guenther
2010-08-05s3: avoid global include of ads.h.Günther Deschner1-0/+1
Guenther
2010-07-13s3-libnet: better separate headers.Günther Deschner1-1/+2
Guenther
2010-07-01s3-libads: only include libds flags where needed.Günther Deschner1-0/+2
Guenther
2010-05-18s3-rpc_client: move protos to init_samr.hGünther Deschner1-0/+1
Guenther
2010-05-18s3-rpc_client: move protos to cli_lsarpc.hGünther Deschner1-0/+1
Guenther
2010-05-18s3-rpc_client: move protos to cli_netlogon.hGünther Deschner1-0/+1
Guenther
2010-05-18smbconf: only include smbconf headers where needed.Günther Deschner1-0/+2
Guenther
2010-05-06s3: only include gen_ndr headers where needed.Günther Deschner1-0/+1
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time as follows: ccache build w/o patch real 4m21.529s ccache build with patch real 3m6.402s pch build w/o patch real 4m26.318s pch build with patch real 3m6.932s Guenther
2009-11-26s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵Günther Deschner1-0/+2
samba. Guenther
2009-10-13s3-netlogon: pass down account name to remote password set functions.Günther Deschner1-0/+1
Guenther
2009-10-05Revert "s3: Attempt to fix machine password change"Volker Lendecke1-4/+5
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75. Ooops, this should not have been committed.
2009-10-05s3: Attempt to fix machine password changeVolker Lendecke1-5/+4
2009-09-30w32err: WERR_DC_NOT_FOUND replaced with WERR_DCNOTFOUNDKamen Mazdrashki1-2/+2
It turns out in win32 ERROR_DC_NOT_FOUND exists and it is an error for Device Context (DC), not Domain Controller Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
2009-09-17w32err: use WERR_DC_NOT_FOUND name instead of WERR_DOMAIN_CONTROLLER_NOT_FOUNDKamen Mazdrashki1-2/+2
Signed-off-by: Günther Deschner <gd@samba.org>
2009-09-15s3-dcerpc: use dcerpc_AuthLevel and remove duplicate set of flags.Günther Deschner1-1/+1
Guenther
2009-09-11s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner1-1/+2
Guenther
2009-06-26Don't use ads realm name for non-ads case. #6481Jim McDonough1-7/+9
Also check that the connection to ads worked.
2009-06-22s3-libnet: fix libnet_unjoin_remove_machine_acct() when called without ads ↵Günther Deschner1-1/+7
struct. Guenther
2009-06-19Don't require "Modify property" perms to unjoin bug #6481)Jim McDonough1-14/+35
"net ads leave" stopped working when "modify properties" permissions were not granted (meaning you had to be allowed to disable the account that you were about to delete). Libnetapi should not delete machine accounts, as this does not happen on win32. The WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag really means "disable" (both in practice and docs). However, to keep the functionality in "net ads leave", we will still try to do the delete. If this fails, we try to do the disable. Additionally, it is possible in windows to not disable or delete the account, but just tell the local machine that it is no longer in the account. libnet can now do this as well.
2009-04-24s3-libnetjoin: make acct_flags dependent on secure channel type.Günther Deschner1-3/+12
Guenther
2009-04-24s3-libnetjoin: add support for WKSSVC_JOIN_FLAGS_JOIN_UNSECURE.Günther Deschner1-3/+59
Guenther
2009-04-21s3-secdesc: use SEC_FLAG_MAXIMUM_ALLOWED instead of SEC_RIGHTS_MAXIMUM_ALLOWED.Günther Deschner1-5/+5
Guenther
2009-04-20Merge commit 'origin/master' into libcli-auth-merge-without-netlogondAndrew Bartlett1-1/+1
2009-04-20Remove use of talloc_reference in cli_rpc_pipe_open_schannel_with_key()Andrew Bartlett1-1/+1
2009-04-15Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+Jeremy Allison1-1/+1
What a difference a name makes... :-). Just because something is missnamed SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN, don't automatically use it for a security check in _samr_OpenDomain(). Jeremy.
2009-04-14Adapt to common crypto functions: sam_pwd_hash() -> sam_rid_crypt()Andrew Bartlett1-0/+1
2009-04-06s3:libads Make ads_get_dn() take a talloc contextAndrew Bartlett1-2/+2
Also remove ads_memfree(), which was only ever a wrapper around SAFE_FREE, used only to free the DN from ads_get_ds(). This actually makes libgpo more consistant, as it mixed a talloc and a malloc based string on the same element. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2009-03-18s3: remove POLICY_HND.Günther Deschner1-3/+3
Guenther
2009-02-26s3: move definition of W_ERROR_NOT_OK_GOTO_DONE down to libcli/util/werror.hMichael Adam1-6/+0
Michael
2009-02-03s3: Fix 'net rpc join' for users with the SeMachineAccountPrivilege.Volker Lendecke1-2/+5
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-1/+1
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-01-15s3: make better use of ccache by not including version.h in every C-file.Michael Adam1-1/+1
version.h changes rather frequently. Since it is included via includes.h, this means each C file will be a cache miss. This applies to the following situations: * When building a new package with a new Samba version * building in a git branch after calling mkversion.sh after a new commit (i.e. virtually always) This patch improves the situation in the following way: * remove inlude "version.h" from includes.h * Use samba_version_string() instead of SAMBA_VERSION_STRING in files that use no other macro from version.h instead of SAMBA_VERSION_STRING. * explicitly include "version.h" in those files that use more macros from "version.h" than just SAMBA_VERSION_STRING. Michael
2009-01-06s3-samr: avoid all init_samr_user* functions.Günther Deschner1-4/+4
Guenther
2008-12-22In gcc version 4.3.2 we get warnings for functions declared withJeremy Allison1-2/+1
attribute warn_unused_result. Start to fix these. Jeremy.
2008-12-13s3:libnet_join: use DS_FORCE_REDISCOVERYStefan Metzmacher1-0/+1
metze
2008-12-13s3:libnet_join: call saf_join_store() after a the join.Stefan Metzmacher1-1/+4
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (similar to commit feef594d275881466e2c3f59c0ff54609a9cc53b)
2008-11-29s3-libnetjoin: Fix bug #5749. Re-set acctflags while joining. fix from metze.Günther Deschner1-16/+29
Guenther
2008-11-29s3-libnetjoin: remove unused md4_trust_password, found by metze.Günther Deschner1-5/+0
Guenther
2008-11-28s3-samr: fix init_samr_user_info{23,24} callers.Günther Deschner1-1/+2
Guenther
2008-11-21s3-libnetjoin: fix build warning.Günther Deschner1-1/+1
Guenther
2008-11-21s3-libnetjoin: try to show a better error message upon invalid configuration.Günther Deschner1-11/+50
Guenther
2008-10-19Add TALLOC_CTX pointer to generate_random_str(), for consistency withJelmer Vernooij1-1/+1
Samba 4.
2008-10-06If name_to_fqdn fails, retry with the dns domain the DC gave usVolker Lendecke1-3/+8
This is a workaround for the cases where you want to join under a netbios name that is different from your hostname, i.e. a name that can not be found in /etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results.