summaryrefslogtreecommitdiff
path: root/source3/libsmb/trusts_util.c
AgeCommit message (Collapse)AuthorFilesLines
2009-11-03s3: Remove debug_ctx()Volker Lendecke1-1/+1
smbd just crashed on me: In a debug message I called a routine preparing a string that itself used debug_ctx. The outer routine also used it after the inner routine had returned. It was still referencing the talloc context that the outer debug_ctx() had given us, which the inner DEBUG had already freed.
2009-10-13s3: use enum netr_SchannelType all over the place.Günther Deschner1-2/+2
Guenther
2009-10-13s3-netlogon: allow to change any type of trust account password in ↵Günther Deschner1-6/+39
trust_pw_find_change_and_store_it(). Guenther
2009-10-13s3-netlogon: pass down account name to remote password set functions.Günther Deschner1-0/+3
Guenther
2009-10-05Revert "s3: Attempt to fix machine password change"Volker Lendecke1-3/+5
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75. Ooops, this should not have been committed.
2009-10-05s3: Attempt to fix machine password changeVolker Lendecke1-5/+3
2009-10-05s3: Fix nonempty blank linesVolker Lendecke1-4/+4
Signed-off-by: Günther Deschner <gd@samba.org>
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett1-0/+1
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-03-18s3: remove POLICY_HND.Günther Deschner1-1/+1
Guenther
2008-10-19Add TALLOC_CTX pointer to generate_random_str(), for consistency withJelmer Vernooij1-3/+2
Samba 4.
2008-09-21netlogon: move password change code out to rpccli_netlogon_set_trust_password.Günther Deschner1-94/+5
Guenther
2008-09-21netlogon: refactor just_change_the_password a bit.Günther Deschner1-22/+16
Guenther
2008-09-21netlogon: use init_netr_CryptPassword in "just_change_the_password"Günther Deschner1-13/+10
Guenther
2008-08-21Fix Bug #5710 and make machine account password changing work again.Günther Deschner1-23/+52
When we negotiated NETLOGON_NEG_PASSWORD_SET2 we need to use NetrServerPasswordSet2 to change the machine password. Tested with NT4, W2k, W2k3 and W2k8. Guenther (This used to be commit 5820360451e4db0fad0472f814cae667b2ea51fd)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_noauthVolker Lendecke1-2/+3
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
2008-04-25Refactoring: Make cli_pipe_auth_data a pointer off rpc_pipe_clientVolker Lendecke1-1/+1
(This used to be commit f665afaaa3eff9ef54112e08ed034a6e1bb30edc)
2008-04-20Add "desthost" to rpc_pipe_clientVolker Lendecke1-1/+1
This reduces the dependency on cli_state (This used to be commit 783afab9c891dd7bcb78895b2a639b6f3a0edf5b)
2008-04-02Fix NETLOGON credential chain with Windows 2008 all over the place.Günther Deschner1-1/+1
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther (This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
2008-03-28Add a talloc context parameter to current_timestring() to fix memleaks.Michael Adam1-1/+1
current_timestring used to return a string talloced to talloc_tos(). When called by DEBUG from a TALLOC_FREE, this produced messages "no talloc stackframe around, leaking memory". For example when used from net conf. This also adds a temporary talloc context to alloc_sub_basic(). For this purpose, the exit strategy is slightly altered: a common exit point is used for success and failure. Michael (This used to be commit 16b5800d4e3a8b88bac67b2550d14e0aaaa302a9)
2008-02-27Use new LSA_POLICY defines in lsa rpc server code and other places.Günther Deschner1-1/+1
Guenther (This used to be commit 58cca9faf9db506bd2f6eab4a99ef85153797ab2)
2008-02-16Use rpccli_netr_ServerPasswordSet in "just_change_the_password()".Günther Deschner1-1/+26
Guenther (This used to be commit 33f91c894488687a42500e751eb9016d99d9129c)
2008-02-13Use rpccli_lsa_EnumTrustDom all over the place.Günther Deschner1-2/+26
Guenther (This used to be commit a25e7ffbca9c2c97dd36b0596e7cb38a72aaf9d9)
2008-01-23Windows 2008 (Longhorn) auth2 flag fixes.Andreas Schneider1-1/+1
Interop fixes for AD specific flags. Original patch from Todd Stetcher. (This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-3/+3
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-2/+2
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.Gerald Carter1-1/+1
The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
2007-10-10r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,Gerald Carter1-1/+1
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>. (This used to be commit 8304ccba7346597425307e260e88647e49081f68)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell1-2/+1
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r21831: Back out r21823 for a while, this is going into a bzr tree first.Volker Lendecke1-4/+1
Volker (This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
2007-10-10r21823: Let secrets_store_machine_password() also store the account name. ↵Volker Lendecke1-1/+4
Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker (This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-1/+1
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16363: Fix Klocwork ID 981 1652Volker Lendecke1-1/+5
Volker (This used to be commit ce1d8423ef7cd86fc64200002fde707bca621d44)
2007-10-10r11492: Fix bug #3224 (I hope). Correctly use machine_account_nameJeremy Allison1-3/+4
and client_name when doing netlogon credential setup. Jeremy. (This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-2/+2
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-17/+30
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r6392: - Fixes bug 2564: when smbc_opendir() was called with a file rather thanDerrell Lipman1-3/+0
a directory, the errno returned could end up as ENOENT rather than ENOTDIR. - Fixes some compiler warnings which showed up on IRIX, as reported by James Peach. (This used to be commit 615a62b21f8d2f7f97bde2f166ddd6849d39b95c)
2004-01-05Change our Domain controller lookup routines to more carefully seperateAndrew Bartlett1-1/+1
DNS names (realms) from NetBIOS domain names. Until now, we would experience delays as we broadcast lookups for DNS names onto the local network segments. Now if DNS comes back negative, we fall straight back to looking up the short name. Andrew Bartlett (This used to be commit 32397c8b01f1dec7b05140d210bb32f836a80ca6)
2003-12-28Shutting down the connection closes outstanding sessions, so we don't needAndrew Bartlett1-1/+0
to do it twice... Amdrew Bartlett (This used to be commit 8f9a069c59cbd357cbef8814764c10f6d8b6e6e8)
2003-11-22adding a useful debugGerald Carter1-0/+1
(This used to be commit e374ce779efaec001c1476e0710ceaa9c3b84e8d)
2003-09-16Applied Steve Langasek's patch for bug #450.Tim Potter1-3/+4
(This used to be commit e3cb0cd0d60d90a76e5f74d5bda702148584ab30)
2003-08-19 - Make 'net' use a single funciton for setting the 'use machine account' code.Andrew Bartlett1-5/+4
- Make winbindd try to use kerberos for connections to DCs, so that it can access RA=2 servers, particularly for netlogon. - Make rpcclient follow the new flags for the NETLOGON pipe - Make all the code that uses schannel use the centralised functions for doing so. Andrew Bartlett (This used to be commit 96b4187963cedcfe158ff02868929b8cf81c6ebf)
2003-07-30Add a command line option (-S on|off|required) to enable signing on clientJeremy Allison1-1/+1
connections. Overrides smb.conf parameter if set. Jeremy. (This used to be commit 879309671df6b530e0bff69559422a417da4a307)
2003-07-01* fixed volker's wbinfo -a lockup again. This one was my fault.Gerald Carter1-60/+19
It was caused by the winbind_ping() call in is_trusted_domain() o if we are a DC then we check our own direct trust relationships we have to rely on winbindd to update the truatdom_cache o if we are a domain member, then we can update the trustdom_cache ourselves if winbindd is not there (This used to be commit 22dfcafb37f7109dc455f4fb6323a25ba4f097bc)
2003-07-01* fix the trustdom_cache to work when winbindd is not running.Gerald Carter1-22/+78
smbd will update the trustdom_cache periodically after locking the timestamp key (This used to be commit 7bc4b65b91f98271089335cc301146d5f0c76c3a)
2003-06-30* cleanup more DC name resolution issues in check_*domain_security()Gerald Carter1-1/+9
* is_trusted_domain() is broken without winbind. Still working on this. * get_global_sam_name() should return the workgroup name unless we are a standalone server (verified by volker) * Get_Pwnam() should always fall back to the username (minus domain name) even if it is not our workgroup so that TRUSTEDOMAIN\user can logon if 'user' exists in the local list of accounts (on domain members w/o winbind) Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0 domain member not running winbindd. notes: make_user_info_map() is slightly broken now due to the fact that is_trusted_domain() only works with winbindd. disabled checks temporarily until I can sort this out. (This used to be commit e1d6094d066d4c16ab73075caba40a1ae6c56b1e)
2003-06-08Fix some memory leaks and extra cache startups/shutdowns from the trustedAndrew Bartlett1-3/+1
domains lookup code. Andrew Bartlett (This used to be commit 0ec1b1207041a3b6050046ba6d7b466dd4fcf341)
2003-05-01Turn down some DEBUG()s and remove some duplicate code spotted by dfenwick.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 542a8b1817d3930e03e08e16e9711cacceb6df61)
2003-04-16Store the type of 'sec channel' that we establish to the DC. If we are aAndrew Bartlett1-36/+29
workstation, we have to use the workstation type, if we have a BDC account, we must use the BDC type - even if we are pretending to be a workstation at the moment. Also actually store and retreive the last change time, so we can do periodic password changes again (for RPC at least). And finally, a couple of minor fixes to 'net'. Andrew Bartlett (This used to be commit 6e6b7b79edae3efd0197651e9a8ce6775c001cf2)
2003-03-17Fix a memory leak - 'smbcontrol smbd pool-usage' is your freind!Andrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit a12e8524997e329a4f4cd766d6371e384698795a)