summaryrefslogtreecommitdiff
path: root/source3/rpcclient/cmd_netlogon.c
AgeCommit message (Collapse)AuthorFilesLines
2003-08-19- Fix the kerberos downgrade problem:Andrew Bartlett1-49/+35
- When connecting to the NETOGON pipe, we make a call to auth2, in order to verify our identity. This call was being made with negotiation flags of 0x1ff. This caused our account to be downgraded. If we instead make the call with flags > 1ff (such as 0x701ff), then this does not occour. - This is *not* related to the use of kerberos for the CIFS-level connection My theory is that Win2k has a test to see if we are sending *exactly* what NT4 sent - setting any other flags seems to cause us to remain intact. Also ensure that we only have 'setup schannel' code in a few places, not scattered around cmd_netlogon too. Andrew Bartlett (This used to be commit e10f0529fe9d8d245b3cd001cce6a9a86896679c)
2003-08-14Change Samba to always use extended security for it's guest logins, (ie,Andrew Bartlett1-0/+2
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to all of Samba's clients. When connecting to an Active Directory DC, you must initiate the CIFS level session setup with Kerberos, not a guest login. If you don't, your machine account is demoted to NT4. Andrew Bartlett (This used to be commit 3547cb3def45a90f99f67829a533eac1ccba5e77)
2003-05-08This puts real netlogon connection caching to winbind. This becomesVolker Lendecke1-1/+8
important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-4/+6
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-14Merge: remove unused variable.Tim Potter1-1/+0
(This used to be commit 6a1d99d318c2dddc01d8262f31c7afbe9bb1a286)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-19/+0
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-03-18Merge of waider's rpcclient return type patch.Tim Potter1-5/+5
(This used to be commit fb91bfa7a28f548dcc549f7e09805e4485c83538)
2003-02-25Merge: const fixes.Tim Potter1-6/+6
(This used to be commit a20aba09996e470425a151271237f2d48a8302af)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-5/+5
from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-17/+22
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with HEADJelmer Vernooij1-3/+3
(This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-3/+6
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-13update the ldap support code. it compiles.Jean-François Micouleau1-1/+5
Ignacio you can update your howto ;-) samsync: a small patch to try chaning challenges. J.F. (This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
2001-10-30Allow the logon level to be passed to cli_netlogon_sam_logon() rather thanTim Potter1-4/+4
the validation level. (This used to be commit c79e94ea27aab31423b1bdc34e9cff25688dbe5f)
2001-10-30Added samlogon command to test against win2k native mode server. I thinkTim Potter1-0/+58
there's a bug in the marshalling of net_sam_logon. (This used to be commit 7c5ac46b8ad0be681d102e7ef3478d64d7a2b8e6)
2001-10-12Some old stuff hanging around since the CIFS conference. Big cleanup ofTim Potter1-98/+44
rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-18Converted cli_net_auth2() and cli_nt_setup_creds() to return NTSTATUS.Tim Potter1-2/+6
(This used to be commit e0bdcbc5994345fdc76f7590dba7bce5f0127d58)
2001-09-04it now all compiles - so try enabling it by default and see what explodes on ↵Andrew Tridgell1-23/+23
the build farm (This used to be commit 5bb7e4f0f65edf1db20245f403cbe81833134240)
2001-08-28Merge of sam sync code from TNG.Tim Potter1-3/+217
Reverse-engineered the sam replication protocol from staring at hex dumps for a while. It's pretty similar to the sam sync protocol with a couple of different delta header types. I wasn't able to figure out the format of the privilege stuff - needs more time and a whiteboard. (-: The impressive bit is that the sam sync stuff from tng basically just worked thanks mainly to Luke Leighton's efforts in this area. (This used to be commit 3a60cb44f22d5f3f8c78a56ed8f5ea4794cd7ab3)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell1-2/+2
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-07-20Started adding some help/usage info for rpcclient commands.Tim Potter1-4/+7
(This used to be commit 37052a1bcc5cd049918c3d5ac4c41c3a669290af)
2001-06-23fix compiler warningsSimo Sorce1-0/+2
(This used to be commit 1959864490e79756257ba10431b188de78b8c8a7)
2001-05-24Added srvinfo and partial logonctrl and logonctrl2 commands.Tim Potter1-1/+75
(This used to be commit c93718daa1375269e4e0ef52016271b7a607e292)
2001-05-24Added stubs for SRVSVC and NETLOGON rpcclient commands.Tim Potter1-114/+10
(This used to be commit 3343c9f0d67d98687e5933e1a73c0ff487279160)
2000-06-23just enough to get rpcclient to compile. Look for #if 0Gerald Carter1-0/+2
blocks around a few unimplemented functions. Also had to add cli_reg.c to Makefile.in --jerry (This used to be commit 426c43fb5167b042682c22e67871e5ebadb4b769)
2000-06-03moved secrets fns into secrets.cAndrew Tridgell1-2/+2
(This used to be commit f890bcf06786e7c63bf76fad2fd46d287a99a270)
2000-05-08added secrets.tdb and changed storage of trust account password to useAndrew Tridgell1-2/+4
it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-04-25moved trans2.h and nterr.h into includes.h with all our other includesAndrew Tridgell1-1/+0
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-146/+21
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-08ABOUT TIME!!!!!!!!Luke Leighton1-1/+1
damn, this one is bad. started, at least two days ago, to add an authentication mechanism to the smbd<->msrpc redirector/relay, such that sufficient unix / nt information could be transferred across the unix socket to do a become_user() on the other side of the socket. it is necessary that the msrpc daemon inherit the same unix and nt credentials as the smbd process from which it was spawned, until such time as the msrpc daemon receives an authentication request of its own, whereupon the msrpc daemon is responsible for authenticating the new credentials and doing yet another become_user() etc sequence. (This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
1999-12-02cleaning up: removing those horrible references to server listLuke Leighton1-4/+2
functions (cli_net_use_addlist()). needed originally because there was no get_dc_any_name() function. (This used to be commit 3a2b920ea2e6704b2574f404e1e41c7cfc0f96b2)
1999-12-01damn, that took a while. nt login password was being stored incorrectlyLuke Leighton1-0/+2
in private .mac file (oops). ntlogin test now works. (This used to be commit c98c66690683965612e9631d77c2dff91ec8a872)
1999-12-011) when no domain used in ntlogin test command, should use default oneLuke Leighton1-1/+28
from previous lsaquery command. over-ridden from DOMAIN\username 2) initialisation of cli_state is a little more specific: sets use_ntlmv2 to Auto. this can always be over-ridden. 3) fixed reusage of ntlmssp_cli_flgs which was being a pain 4) added pwd_compare() function then fixed bug in cli_use where NULL domain name was making connections multiply unfruitfully 5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch (This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a)
1999-11-29attempting to resolve the issue that multiple servers often specified inLuke Leighton1-3/+6
parameters to connect to \PIPE\NETLOGON. (This used to be commit d1986ade30bdcac1f49707221a3e5a5ae597ce62)
1999-11-29ok. got ntlogin command working. argh, it maintains a connection toLuke Leighton1-1/+1
the remote machine, because i don't know what to _do_ with it!!!! argh!!! (This used to be commit 85cc680736f17e3f879895be5dac8f1427653919)
1999-11-29first attempt at getting \PIPE\NETLOGON working. it's pretty horrible.Luke Leighton1-28/+35
(This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf)
1999-11-24ok. *whew*. this is the first completed part of the restructure.Luke Leighton1-6/+7
verified that lsaquery, lsalookupsids work, and found some bugs in the parameters of these commands :-) soo... we now have an lsa_* api that has the same arguments as the nt Lsa* api! cool! the only significant coding difference is the introduction of a user_credentials structure, containing user, domain, pass and ntlmssp flags. (This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
1999-11-22another four next_token() removals (using getopt instead)Luke Leighton1-5/+17
(This used to be commit 3e76ca9b172e1a6886e714d6a36453f30ff3e771)
1999-11-22okay :) all cmd_() functions now take int argc, char **argv :) thatLuke Leighton1-3/+3
means that some commands need more work, as they still use next_token(), the use of which i wish to avoid. plus, i was getting fed up of the poor command-line processing in some of these commands. i'm starting to need getopt() in them, especially in samsetuser. WARNING: only cmd_samr has been modded to use getopt() so far! reg commands won't work, esp. (This used to be commit 9a1efa03c8bb86c9b7e73f102a9d48fb6a57a523)
1999-10-26adding extra parameter back in to trust account functions (trust account name).Luke Leighton1-1/+4
restoring opening S-1-5-20 in sam enum users code. (This used to be commit 1be877114e2e958c59e6516dacf22d3fb5a4240f)
1999-10-21the dynamic memory alloc blood-fest goes on...Luke Leighton1-3/+3
(This used to be commit 134b20e2a7b5ddfa4cc9bf100de5025c7b98f594)
1999-10-21various. debug levels changed. nmbd doesn't need libsmb/clienttrust.c.Luke Leighton1-3/+6
samr_lookup_rids() moved to a dynamic memory structure not a static one limited to 32 RIDs. cli_pipe.c reading wasn't checking ERRmoredata when DOS error codes negotiated (this terminates MSRPC code with prejudice). (This used to be commit 8976eca2db43576c32069dcda017e8777048e007)
1999-10-19need status codes from cli_net_req_chal() and cli_net_auth2().Luke Leighton1-2/+4
this format is what i would like _all_ these functions to be (returning status codes, not BOOL) but that's a horrendous amount of work at the moment :) (This used to be commit 02f240604241367f146b26934ad1a1b2563430de)
1999-09-21split matthew's sync command (only currently called from smbpasswd)Luke Leighton1-5/+13
into a separate module (This used to be commit d99eca020a255022dbc71f3671127343d75db59e)
1999-07-21BDC support.Luke Leighton1-1/+10
(This used to be commit 2331aa32ab36c3ee5fd8cfbe972e57299939e33d)
1999-06-02Some more BDC-related fixes, mainly to the NET_SAM_SYNC RPC with respectMatthew Chapman1-22/+1
to alignment, missing fields, etc. - it should now work correctly. There is still the problem of decoding the private data field. (This used to be commit c3c25e762fbc30d5663323f23449c913f2ce4b0e)
1999-04-08Mainly BDC-related changes.Matthew Chapman1-1/+29
* Added SEC_CHAN_BDC * Propagate sec_chan into the various functions which change trust account passwords, so they can be used for domain control and inter-domain trusts. * Fix for endianness problem reported by Edan Idzerda <edan@mtu.edu>. A BUFFER2 is really a "unibuf" in my terminology and we should treat it as such. * Added some more common NT structures (BIGINT, BUFHDR2, BUFFER4). * Added NET_SAM_SYNC (-> NetDatabaseSync2) RPC for account replication. Still experimental and incomplete, with a few too many NULL security descriptors lying around (must go look at Jeremy's SD code). Haven't worked out password encryption yet either. However, the XXX_INFO structures I've added to rpc_netlogon.h are quite nice as they give some insight into how these objects are stored in the SAM. (This used to be commit 7b830350eb54dc9d357c115e12ddf9a0633527ac)
1999-03-12new "domtrust" test command. r&d into inter-domain trust accounts.Luke Leighton1-1/+43
(This used to be commit 65b0abe8b7594ff6c662da86dc2e35bd83a2d13d)