summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_netlog_nt.c
AgeCommit message (Collapse)AuthorFilesLines
2007-11-03Remove most of the remaining globals out of lib/util_sock.c.Jeremy Allison1-2/+2
I have a plan for dealing with the remaining..... Watch this space. Jeremy. (This used to be commit 963fc7685212689f02b3adcc05b4273ee5c382d4)
2007-11-03I can't get away without a 'length' arg. :-).Jeremy Allison1-1/+1
Jeremy. (This used to be commit 95d01279a5def709d0a5d5ae7224d6286006d120)
2007-11-03Stop get_peer_addr() and client_addr() from using globalJeremy Allison1-2/+4
statics. Part of my library cleanups. Jeremy. (This used to be commit e848506c858bd16706c1d7f6b4b032005512b8ac)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-3/+3
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-5/+5
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell1-2/+1
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23055: Rewrite messages.c to use auto-generated marshalling in the tdb. I'mVolker Lendecke1-1/+1
doing this because for the clustering the marshalling is needed in more than one place, so I wanted a decent routine to marshall a message_rec struct which was not there before. Tridge, this seems about the same speed as it used to be before, the librpc/ndr overhead in my tests was under the noise. Volker (This used to be commit eaefd00563173dfabb7716c5695ac0a2f7139bb6)
2007-10-10r22911: Pass a messaging_context to message_send_allVolker Lendecke1-1/+2
(This used to be commit cc92ce665dcfe9054d09429219883b18a4cab090)
2007-10-10r22761: This introduces lib/conn_tdb.c with two main functions: ↵Volker Lendecke1-15/+1
connections_traverse and connections_forall. This centralizes all the routines that did individual tdb_open("connections.tdb") and direct tdb_traverse. Volker (This used to be commit e43e94cda1ad8876b3cb5d1129080b57fa6ec214)
2007-10-10r22001: change prototype of dump_data(), so that it takes unsigned char * now,Stefan Metzmacher1-1/+1
which matches what samba4 has. also fix all the callers to prevent compiler warnings metze (This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
2007-10-10r19058: Implement "user cannot change password", and complete "user must changeJim McDonough1-1/+1
password at next logon" code. The "password last set time" of zero now means "user must change password", because that's how windows seems to use it. The "can change" and "must change" times are now calculated based on the "last set" time and policies. We use the "can change" field now to indicate that a user cannot change a password by putting MAX_TIME_T in it (so long as "last set" time isn't zero). Based on this, we set the password-can-change bit in the faked secdesc. (This used to be commit 21abbeaee9b7f7cff1d34d048463c30cda44a2e3)
2007-10-10r16409: Fix Klocwork ID's.Volker Lendecke1-0/+5
1177 In reg_perfcount.c: 1200 1202 1203 1204 In regfio.c: 1243 1245 1246 1247 1251 Jerry, the reg_perfcount and regfio.c ones, can you take a look please? This is really your code, and I'm not sure I did the right thing to return an error. smbcacls.c: 1377 srv_eventlog_nt.c: 1415 1416 1417 srv_lsa_nt.c: 1420 1421 srv_netlog_nt.c: 1429 srv_samr_nt: 1458 1459 1460 Volker Volker (This used to be commit d6547d12b1c9f9454876665a5bdb010f46b9f5ff)
2007-10-10r16241: Fix Klocwork #106 and others like it.Jeremy Allison1-10/+14
Make 2 important changes. pdb_get_methods() returning NULL is a *fatal* error. Don't try and cope with it just call smb_panic. This removes a *lot* of pointless "if (!pdb)" handling code. Secondly, ensure that if samu_init() fails we *always* back out of a function. That way we are never in a situation where the pdb_XXX() functions need to start with a "if (sampass)" test - this was just bad design, not defensive programming. Jeremy. (This used to be commit a0d368197d6ae6777b7c2c3c6e970ab8ae7ca2ae)
2007-10-10r16054: Janitor for Volker ? Volker - some reason you didn'tJeremy Allison1-2/+1
fix this in 3.0 ? Jeremy. We had no way to return NT_STATUS_OK from the netlogon serverpwset, although we successfully set the machine password... One thing the samba3 join test found. Volker (This used to be commit e5b7acc9b5cb6e8cf3d03c9d392fad06e0d282d9)
2007-10-10r14450: Fix more get_md4pw() breakage caused by missing "breaks"Gerald Carter1-0/+3
in the switch statement which matched the schannel type against the account type. (This used to be commit 57c705ea63381ed9ab09145b4f57a736931fa6ca)
2007-10-10r14448: * protect against NULL cli_state* pointers in cli_rpc_pipe_open()Gerald Carter1-3/+4
* Fix inverted logic check for machine accounts in get_md4pw() (This used to be commit a36529535dcb5a262e7627b80fb62a31240dc8ad)
2007-10-10r14443: rework get_md4pw() to ease debugging. The only functional change is thatGünther Deschner1-24/+69
we now check wheter the sec_channel_type matches the trust account type. Guenther (This used to be commit c35eb449375d53ffa0815897e7723c203be1f732)
2007-10-10r13711: * Correctly handle acb_info/acct_flags as uint32 not as uint16.Günther Deschner1-2/+2
* Fix a couple of related parsing issues. * in the info3 reply in a samlogon, return the ACB-flags (instead of returning zero) Guenther (This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
2007-10-10r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new()Gerald Carter1-3/+8
* replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f)
2007-10-10r13576: This is the beginnings of moving the SAM_ACCOUNT data structureGerald Carter1-12/+12
to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0)
2007-10-10r13571: Replace all calls to talloc_free() with thye TALLOC_FREE()Gerald Carter1-3/+3
macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2)
2007-10-10r13557: (Hopefully) get the creds store/restore key right fromJeremy Allison1-18/+35
the correct part of the netlogon and schannel packets. Jeremy. (This used to be commit 4877f336b257e6f59833a6e0679959a2ec879974)
2007-10-10r13556: Ensure that any potential creds operation are protectedJeremy Allison1-14/+31
by schannel if "server schannel = true" was set. Jeremy. (This used to be commit fd84d9703ed01feb010df4ebb7e9ceb0d063780b)
2007-10-10r13553: Fix all our warnings at -O6 on an x86_64 box.Jeremy Allison1-2/+2
Jeremy. (This used to be commit ea82958349a57ef4b7ce9638eec5f1388b0fba2a)
2007-10-10r13548: Always use the get_remote_macinhe_name() as the keyJeremy Allison1-49/+47
for the creds store. This should fix the problems Jerry reported (but I have still to run tests :-). Jeremy. (This used to be commit 43f095a38d66caa774d80fe32e1b96ec25dd1f07)
2007-10-10r13544: -O1 janitor work :-)Volker Lendecke1-6/+5
(This used to be commit a95d7d722273863efa820674672393fe6e5a33b7)
2007-10-10r13539: Add 128 bit creds processing client and server. Thanks to Andrew ↵Jeremy Allison1-2/+4
Bartlett's Samba4 code. Jeremy. (This used to be commit a2fb436fc5dd536cfe860be93f55f9cb58139a0e)
2007-10-10r13519: Fix the credentials chaining across netlogon pipe disconnects.Jeremy Allison1-43/+126
I mean it this time :-). Jeremy. (This used to be commit 80f4868944d349015d2b64c2414b06466a8194aa)
2007-10-10r13449: Ensure we don't crash if no dc struct on pipe.Jeremy Allison1-1/+1
Jeremy. (This used to be commit a9e1d0f3b4fd7a0732a5023d0b4dcc2c4b1b03f8)
2007-10-10r13447: Added LSA_LOOKUPSIDS2 and LSA_LOOKUPSIDS3.Jeremy Allison1-1/+5
Jeremy. (This used to be commit a164cfab420a2439dad8fd85f8b4d652087fa6b9)
2007-10-10r13439: Fix NET_SAM_LOGON_EX.Jeremy Allison1-0/+1
Jeremy. (This used to be commit 9437ffc84f4d924ab67f3e16ef507d2aeeeb5f34)
2007-10-10r13436: Add in NET_SAM_LOGON_EX. Still needs testing.Jeremy Allison1-12/+54
Jeremy (This used to be commit f58d0ebf749ad6dab562e74e9fd2c16606183d6c)
2007-10-10r13434: Add stub for NET_SAM_LOGON_EX.Jeremy Allison1-0/+10
Jeremy. (This used to be commit 58544eb3c848e1dddd774270fbaae7d704a37b53)
2007-10-10r13407: Change the credentials code to be more like the Samba4 structure,Jeremy Allison1-6/+2
makes fixes much easier to port. Fix the size of dc->sess_key to be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd store in secrets.tdb though. Should fix some uses of the dc->sess_key where we where assuming we could read 16 bytes. Jeremy. (This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
2007-10-10r13399: Get closer to passing RPC-SCHANNEL test.Jeremy Allison1-5/+9
Jeremy. (This used to be commit 8ae70122b79fbe682c227ec2c4e5a72bf58d76de)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-46/+50
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13147: Raise creds_server_step fail log messages to debug level 2.Jeremy Allison1-3/+3
These can happen in normal operation (I think - not 100% sure) and don't want to alarm admins. Jerry please add this to 3.0.21b. Jeremy. (This used to be commit 47178b1b5ad06905f345a0f6b6267701d8aefddb)
2007-10-10r11917: Move nt_token_to_group_list to srv_netlog_nt.c. srv_util.c is empty now.Volker Lendecke1-0/+29
Volker (This used to be commit ae4ffc1cfb745a756d047c35f947f80acf4b0e55)
2007-10-10r11617: fix typoGerald Carter1-1/+1
(This used to be commit 37d2bf02f37f6d1b5bac9523f085c00625722761)
2007-10-10r11573: Adding Andrew Bartlett's patch to make machine accountJeremy Allison1-1/+4
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes the auth module interface to 2 (from 1). The effect of this is that clients can access resources as a machine account if they set these flags. This is the same as Windows (think of a VPN where the vpn client authenticates itself to a VPN server using machine account credentials - the vpn server checks that the machine password was valid by performing a machine account check with the PDC in the same was as it would a user account check. I may add in a restriction (parameter) to allow this behaviour to be turned off (as it was previously). That may be on by default. Andrew Bartlett please review this change carefully. Jeremy. (This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-2/+2
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10792: Fix the "schannel not stored across client disconnects" problem.Jeremy Allison1-4/+6
Based on the Samba4 solution - stores data in $samba/private/schannel_store.tdb. This tdb is not left open but open and closed on demand. Jeremy. (This used to be commit a6d8a4b1ff31c5552075455dbd98cb58795958a9)
2007-10-10r10724: Got a little ahead of myself...Jeremy Allison1-1/+0
Jeremy. (This used to be commit 86ffef8162393be3da81fda13772f0f1d40b0d08)
2007-10-10r10722: Remove unused BOOL in struct dcinfo.Jeremy Allison1-0/+4
Ensure that the mach_acct and remote machine entries are set correctly in struct dcinfo - we'll need this as a key for a persistent schannel state later. Jeremy. (This used to be commit 47269b5c7161d740c2e86227de3acd9e08c53817)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-122/+147
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r10269: Server-side fix for creds change - revert jcmd's change.Jeremy Allison1-8/+2
Jeremy. (This used to be commit e1c9813d63a441037bc71622a29acda099d72f71)
2007-10-10r9261: Fix #2976: windows member servers wouldn't alloc connections from usersJim McDonough1-0/+9
defined locally because if we didn't find them as a DC we were marking the response as authoritative. Now if it's not a domain we know, we mark the response non-authoritative. Fix from jpjanosi@us.ibm.com (This used to be commit d522277b86ff728f6f2b9feb2f8e3fa38c43d162)
2007-10-10r9242: Fix my fix for #2953. I'd moved too much code until after we verify ↵Jim McDonough1-3/+3
the user, causing netlogon to return an invalid response for failed interactive logons. (This used to be commit 4deb918b682fb51d8712cfdafc6210275dd10fc4)
2007-10-10r9112: Fix #2953 - credentials chain on DC gets out of sync with client whenJim McDonough1-5/+12
NT_STATUS_NO_USER returned. We were moving to the next step in the chain when the client wasn't. Only update when the user logs on. (This used to be commit b01a3a4111f544eef5bd678237d07a82d1ce9c22)