summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_netlog_nt.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11917: Move nt_token_to_group_list to srv_netlog_nt.c. srv_util.c is empty now.Volker Lendecke1-0/+29
Volker (This used to be commit ae4ffc1cfb745a756d047c35f947f80acf4b0e55)
2007-10-10r11617: fix typoGerald Carter1-1/+1
(This used to be commit 37d2bf02f37f6d1b5bac9523f085c00625722761)
2007-10-10r11573: Adding Andrew Bartlett's patch to make machine accountJeremy Allison1-1/+4
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes the auth module interface to 2 (from 1). The effect of this is that clients can access resources as a machine account if they set these flags. This is the same as Windows (think of a VPN where the vpn client authenticates itself to a VPN server using machine account credentials - the vpn server checks that the machine password was valid by performing a machine account check with the PDC in the same was as it would a user account check. I may add in a restriction (parameter) to allow this behaviour to be turned off (as it was previously). That may be on by default. Andrew Bartlett please review this change carefully. Jeremy. (This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
2007-10-10r11137: Compile with only 2 warnings (I'm still working on that code) on a gcc4Jeremy Allison1-2/+2
x86_64 box. Jeremy. (This used to be commit d720867a788c735e56d53d63265255830ec21208)
2007-10-10r10792: Fix the "schannel not stored across client disconnects" problem.Jeremy Allison1-4/+6
Based on the Samba4 solution - stores data in $samba/private/schannel_store.tdb. This tdb is not left open but open and closed on demand. Jeremy. (This used to be commit a6d8a4b1ff31c5552075455dbd98cb58795958a9)
2007-10-10r10724: Got a little ahead of myself...Jeremy Allison1-1/+0
Jeremy. (This used to be commit 86ffef8162393be3da81fda13772f0f1d40b0d08)
2007-10-10r10722: Remove unused BOOL in struct dcinfo.Jeremy Allison1-0/+4
Ensure that the mach_acct and remote machine entries are set correctly in struct dcinfo - we'll need this as a key for a persistent schannel state later. Jeremy. (This used to be commit 47269b5c7161d740c2e86227de3acd9e08c53817)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-122/+147
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r10269: Server-side fix for creds change - revert jcmd's change.Jeremy Allison1-8/+2
Jeremy. (This used to be commit e1c9813d63a441037bc71622a29acda099d72f71)
2007-10-10r9261: Fix #2976: windows member servers wouldn't alloc connections from usersJim McDonough1-0/+9
defined locally because if we didn't find them as a DC we were marking the response as authoritative. Now if it's not a domain we know, we mark the response non-authoritative. Fix from jpjanosi@us.ibm.com (This used to be commit d522277b86ff728f6f2b9feb2f8e3fa38c43d162)
2007-10-10r9242: Fix my fix for #2953. I'd moved too much code until after we verify ↵Jim McDonough1-3/+3
the user, causing netlogon to return an invalid response for failed interactive logons. (This used to be commit 4deb918b682fb51d8712cfdafc6210275dd10fc4)
2007-10-10r9112: Fix #2953 - credentials chain on DC gets out of sync with client whenJim McDonough1-5/+12
NT_STATUS_NO_USER returned. We were moving to the next step in the chain when the client wasn't. Only update when the user logs on. (This used to be commit b01a3a4111f544eef5bd678237d07a82d1ce9c22)
2007-10-10r8432: Fix #2077 - login to trusted domain doesn't allow home drive map and ↵Jim McDonough1-2/+7
login scripts to be executed. We were filling in our name as the server which processed the login, even when it was done by a trusted DC. Thanks to John Janosik <jpjanosi@us.ibm.com> for the fix. (This used to be commit 0446319a3b8096df385978449ffaa231bc5cfd0c)
2007-10-10r7217: Only allow schannel connections if a successful Auth2 has been doneVolker Lendecke1-0/+2
before. Things tested: Domain join and subsequent interactive and network logon to NT4, W2kSP and XPSP2 workstations and a NT4 domain trusting us. Right now I've got problems with my W2k3 domain trusts. So this needs testing, although I'm really confident that this does not break. Volker (This used to be commit c25b4afda2b657b73a6215d3ff36461a36496ba3)
2007-10-10r7139: trying to reduce the number of diffs between trunk and 3.0; changing ↵Gerald Carter1-6/+0
version to 3.0.20pre1 (This used to be commit 9727d05241574042dd3aa8844ae5c701d22e2da1)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-2/+3
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r2761: Print the decrypted, not encrypted key.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 1833d0ab724d88411ebd79ac26f5642e7c8cfee3)
2007-10-10r2137: This is a patch I've been running at Hawker for a while.Andrew Bartlett1-19/+29
The purpose of this patch is to avoid changing the machine account password, when it has 'already been changed'. This occours in situations where the secure channel between the workstation and the DC breaks down, such as occoured in the MS04-11 security patch. This avoids LDAP replication load issues, due to the client changing the password repeatedly. We also now set the LM password to NULL explicitly, rather than the NT password value, as this is what we get out of a vampire, or when a long password is set (as XP seems to do these days). Andrew Bartlett (This used to be commit 1ad1317a815898b52b1803211ab7b502e331e782)
2007-10-10r1492: Rework our random number generation system.Andrew Bartlett1-1/+1
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). Andrew Bartlett (This used to be commit 36741d3cf53a7bd17d361251f2bb50851cdb035f)
2007-10-10r991: Allow winbindd to use the domain trust account passwordGerald Carter1-13/+56
for setting up an schannel connection. This solves the problem of a Samba DC running winbind, trusting a native mode AD domain, and needing to enumerate AD users via wbinfo -u. (This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
2007-10-10r196: merging struct uuid from trunkGerald Carter1-0/+17
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
2007-10-10r69: Global rename of 'nt_session_key' -> 'user_session_key'. The session ↵Andrew Bartlett1-7/+7
key could be anything, and may not be based on anything 'NT'. This is also what microsoft calls it. (This used to be commit 724e8d3f33719543146280062435c69a835c491e)
2004-03-18Fix sambaUserWorkstations for network samlogons against us as DC. StripVolker Lendecke1-1/+9
the \\ off the workstation. Volker (This used to be commit d01cb00aad76f8be9767fdcfd92c88ea5d8c4f14)
2003-11-22Changes all over the shop, but all towards:Andrew Bartlett1-6/+17
- NTLM2 support in the server - KEY_EXCH support in the server - variable length session keys. In detail: - NTLM2 is an extension of NTLMv1, that is compatible with existing domain controllers (unlike NTLMv2, which requires a DC upgrade). * This is known as 'NTLMv2 session security' * (This is not yet implemented on the RPC pipes however, so there may well still be issues for PDC setups, particuarly around password changes. We do not fully understand the sign/seal implications of NTLM2 on RPC pipes.) This requires modifications to our authentication subsystem, as we must handle the 'challege' input into the challenge-response algorithm being changed. This also needs to be turned off for 'security=server', which does not support this. - KEY_EXCH is another 'security' mechanism, whereby the session key actually used by the server is sent by the client, rather than being the shared-secret directly or indirectly. - As both these methods change the session key, the auth subsystem needed to be changed, to 'override' session keys provided by the backend. - There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation. - The 'names blob' in NTLMSSP is always in unicode - never in ascii. Don't make an ascii version ever. - The other big change is to allow variable length session keys. We have always assumed that session keys are 16 bytes long - and padded to this length if shorter. However, Kerberos session keys are 8 bytes long, when the krb5 login uses DES. * This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. * - Add better DEBUG() messages to ntlm_auth, warning administrators of misconfigurations that prevent access to the privileged pipe. This should help reduce some of the 'it just doesn't work' issues. - Fix data_blob_talloc() to behave the same way data_blob() does when passed a NULL data pointer. (just allocate) REMEMBER to make clean after this commit - I have changed plenty of data structures... (This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
2003-11-07Remove compleatly wrong comments. (There were correct, 2 years ago...)Andrew Bartlett1-6/+0
Andrew Bartlett (This used to be commit 256b85802e5820847fbad4305fcb0f5da2e51975)
2003-07-23Typo in comment.Tim Potter1-1/+1
(This used to be commit 6a9bfcd3b8996a0322f733689fd5e8bf24f224c8)
2003-07-03This patch takes the work the jerry did for beta2, and generalises it:Andrew Bartlett1-2/+0
- The 'not implmented' checks are now done by all auth modules - the ntdomain/trustdomain/winbind modules are more presise as to what domain names they can and cannot handle - The become_root() calls are now around the winbind pipe opening only, not the entire auth call - The unix username is kept seperate from the NT username, removing the need for 'clean off the domain\' in parse_net.c - All sid->uid translations are now validated with getpwuid() to put a very basic stop to logins with 'half deleted' accounts. Andrew Bartlett (This used to be commit 85f88191b9927cc434645ef4c1eaf5ec0e8af2ec)
2003-07-03well this was easy...Gerald Carter1-2/+1
When winbindd is running on a PDC the SAM_ACCOUNT for a trusted user has a username of DOMAIN\user. Make sure to trim the domain part from the username when filling in the net_sam_logon reply. This fixes the browsing issues i was seen across domain trusts. (This used to be commit 62e36e6ede067ace23f5473d04917c7eeedf07e2)
2003-06-30* cleanup more DC name resolution issues in check_*domain_security()Gerald Carter1-14/+13
* is_trusted_domain() is broken without winbind. Still working on this. * get_global_sam_name() should return the workgroup name unless we are a standalone server (verified by volker) * Get_Pwnam() should always fall back to the username (minus domain name) even if it is not our workgroup so that TRUSTEDOMAIN\user can logon if 'user' exists in the local list of accounts (on domain members w/o winbind) Tested using Samba PDC with trusts (running winbindd) and a Samba 3.0 domain member not running winbindd. notes: make_user_info_map() is slightly broken now due to the fact that is_trusted_domain() only works with winbindd. disabled checks temporarily until I can sort this out. (This used to be commit e1d6094d066d4c16ab73075caba40a1ae6c56b1e)
2003-06-29Here's the code to make winbindd work on a Samba DCGerald Carter1-0/+2
to handle domain trusts. Jeremy and I talked about this and it's going in as working code. It keeps winbind clean and solves the trust problem with minimal changes. To summarize, there are 2 basic cases where the deadlock would occur. (1) lookuping up secondary groups for a user, and (2) get[gr|pw]nam() calls that fall through the NSS layer because they don't exist anywhere. o To handle case #1, we bypass winbindd in sys_getgrouplist() unless the username includes the 'winbind separator'. o Case #2 is handled by adding checks in winbindd to return failure if we are a DC and the domain matches our own. This code has been tested using basic share connections, domain logons, and with pam_winbind (both with and without 'winbind use default domain'). The 'trustdomain' auth module should work as well if an admin wants to manually create UNIX users for acounts in the trusted domains. Other misc fixes: * we need to fix check_ntlm_password() to be able to determine if an auth module is authoritative over a user (NT_STATUS_WRONG_PASSWORD, etc...). I worked around my specific situation, but this needs to be fixed. the winbindd auth module was causing delays. * fix named server mutex deadlock between trust domain auth module and winbindd looking up a uid * make sure SAM_ACCOUNT gets stored in the server_info struct for the _net_sam_logon() reply. Configuration details: The recommended method for supporting trusts is to use winbind. The gets us around some of the server mutex issues as well. * set 'files winbind' for passwd: and group: in /etc/nsswitch.conf * create domain trusts like normal * join winbind on the pdc to the Samba domain using 'net rpc join' * add normal parameters to smb.conf for winbind * set 'auth method = guest sam winbind' * start smbd, nmbd, & winbindd Problems that remain: * join a Windows 2k/XP box to a Samba domain. * create a 2-way trust between the Samba domain and an NT domain * logon to the windows client as a user from theh trusted domain * try to browse server in the trusted domain (or other workstations). an NT client seems to work ok, but 2k and XP either prompt for passwords or fail with errors. apparanently this never got tested since no one has ever been able to logon as a trusted user to a Samba domain from a Windows client. (This used to be commit f804b590f9dbf1f0147c06a0a2f12e221ae6fc3b)
2003-04-22Setting the credentials for the netsec netlogon pipe connect upon eachVolker Lendecke1-8/+0
samlogon call certainly breaks the credential chain. Do it once during the bind response. Volker (This used to be commit d4262c37f13642e034d3e207bfbb563c17a8a176)
2003-04-06Merge the TNG netlogon schannel from HEAD.Volker Lendecke1-1/+33
No more XP requiresignorseal anymore! Thanks again to Luke :-) Volker (This used to be commit 6b2b55901d66cab0c0c0c90bd0585c870be6e468)
2003-02-24Merge of server-side authentication changes to 3.0:Andrew Bartlett1-1/+1
- user_ok() and user_in_group() now take a list of groups, instead of looking for the user in the members of all groups. - The 'server_info' returned from the authentication is now kept around - in future we won't copy the sesion key, username etc, we will just referece them directly. - rhosts upgraded to use the SAM if possible, otherwise fake up based on getpwnam(). - auth_util code to deal with groups upgraded to deal with non-winbind domain members again. Andrew Bartlett (This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
2003-02-02Merge from HEAD: Send the session key to the client, allowing it to perform SMBAndrew Bartlett1-1/+10
signing. Andrew Bartlett (This used to be commit 9bcdb869e53ee8048dd69053b804bdaf55db7b91)
2003-01-04Merge from HEAD - extract user's list of SIDs from their NT_TOKEN and returnAndrew Bartlett1-10/+8
this as thier list of groups, rather than do a seperate lookup. This NT_TOKEN is originally initgroups() (or equiv) based. We currently send all sids in our domain, perhaps this should be further restricted, but this works for now. Andrew Bartlett (This used to be commit f5850928a011211f03e5b9ece37682fd9243e2ba)
2003-01-04Fix another pstring/fstring typoAndrew Bartlett1-1/+1
(This used to be commit 42e1af2008a86005beb4e93a8b208ca6685c3edd)
2003-01-03Merge from HEAD - make Samba compile with -Wwrite-strings without additionalAndrew Bartlett1-2/+2
warnings. (Adds a lot of const). Andrew Bartlett (This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
2002-11-20merged the %U changes to 3.0Andrew Tridgell1-0/+1
(This used to be commit 58fa6bfee8ba35cc182c18c980e0a4040ddd7d09)
2002-11-12Removed global_myworkgroup, global_myname, global_myscope. Added liberalJeremy Allison1-4/+1
dashes of const. This is a rather large check-in, some things may break. It does compile though :-). Jeremy. (This used to be commit f755711df8f74f9b8e8c1a2b0d07d02a931eeb89)
2002-11-02Merge passdb from HEAD -> 3.0Andrew Bartlett1-2/+2
The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-2/+2
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17Sync 3.0 branch with HEADJelmer Vernooij1-3/+3
(This used to be commit e01596853e3eea533baa08c33f26ded75f33fdd4)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-15/+38
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-27merge from SAMBA_2_2Gerald Carter1-6/+6
(This used to be commit fe099006bbd1103edb5804d70743b211bbc584fb)
2002-03-17Renamed get_nt_error_msg() to nt_errstr().Tim Potter1-1/+1
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
2002-03-05Spelling fixes.Tim Potter1-3/+3
(This used to be commit a7fa0733badad66ae610eac5e01569cf264976f3)
2002-03-03Some more fixes to enusre we execute the same code pathes as before thisAndrew Bartlett1-8/+8
change, just in different packets. (This used to be commit ffa6c61f0bb0c413d4bcc46da3bc879c40a40569)
2002-03-03This patch allows NT4 domains to trust Samba.Andrew Bartlett1-84/+81
Simply add an account (smbpasswd -a -i REMOTEDOM) and join with 'user manager' on the remote domain. The only issue (at the auth level at least) that prevented NT4 domains from trusting Samba was that our netlogon code was based on what appear to be invalid assumptions. The netlogon code appears to assume that the 'client name' specified corrosponds to an account of the same form. This doesn't apply in trusted domains, becouse the account is in the form domain$ Now that we use the supplied account name, and no longer make our access control checks at the challange stage (where this info is unavailable) we match the Win2k behaviour for invalid machine logins, and don't need to know the names of PDCs/BDCs in trusting domains. We also kill off the 'you logged on with a machine account, use your user account' error message, becouse the previous NT_STATUS return was compleatly bogus. (The ACCESS_DENIED we now return matches Win2k, and gives snane error messages on the client). TNG doesn't use this and has to do magic password syncs between the various accounts for domain/pdc/bdc. This patch feels like the much more natural way of doing things, and has been mildly tested. Andrew Bartlett (This used to be commit 542673fcd6654a1d0966dddadde177a4c4ce135d)
2002-03-01SECURITY FIXES:Andrew Bartlett1-1/+7
Remove a stray 'unbecome_root()' in the ntdomain an auth failure case. Only allow trust accounts to request a challange in srv_netlogon_nt.c. Currently any user can be the 'machine' for the domain logon. MERGE for 2.2. Andrew Bartlett (This used to be commit 0242d0e17827b05d8cd270f675d2595fa67fd5b9)