summaryrefslogtreecommitdiff
path: root/source3/rpcclient/cmd_netlogon.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r11853: Add Dsr_GetSiteName (handy for experimenting with GPOs).Günther Deschner1-0/+26
Guenther (This used to be commit c54430a7b5e40d3bdf8afdc813eb722c0a3b861e)
2007-10-10r11706: Implement dsr_getdcname client code. It's handy: It not only gives ↵Volker Lendecke1-0/+30
you the IP address but also the fqdn of the remote dc and site info. Volker (This used to be commit 62d01ce7e6c14971084c208ab61f379cb172cb22)
2007-10-10r11573: Adding Andrew Bartlett's patch to make machine accountJeremy Allison1-1/+1
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes the auth module interface to 2 (from 1). The effect of this is that clients can access resources as a machine account if they set these flags. This is the same as Windows (think of a VPN where the vpn client authenticates itself to a VPN server using machine account credentials - the vpn server checks that the machine password was valid by performing a machine account check with the PDC in the same was as it would a user account check. I may add in a restriction (parameter) to allow this behaviour to be turned off (as it was previously). That may be on by default. Andrew Bartlett please review this change carefully. Jeremy. (This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-33/+19
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r1590: Small fixes from Günther DeschnerVolker Lendecke1-7/+3
(This used to be commit 2d68fdf06b3b027227ab77372b001b13fd2b494d)
2004-04-02Implement NETLOGON GetDCName client side. You can ask a DC for the name ofVolker Lendecke1-0/+26
a DC it trusts. Volker (This used to be commit ae6840320ff47827c2817549fe3133a57e3fe77f)
2003-08-19- Fix the kerberos downgrade problem:Andrew Bartlett1-49/+35
- When connecting to the NETOGON pipe, we make a call to auth2, in order to verify our identity. This call was being made with negotiation flags of 0x1ff. This caused our account to be downgraded. If we instead make the call with flags > 1ff (such as 0x701ff), then this does not occour. - This is *not* related to the use of kerberos for the CIFS-level connection My theory is that Win2k has a test to see if we are sending *exactly* what NT4 sent - setting any other flags seems to cause us to remain intact. Also ensure that we only have 'setup schannel' code in a few places, not scattered around cmd_netlogon too. Andrew Bartlett (This used to be commit e10f0529fe9d8d245b3cd001cce6a9a86896679c)
2003-08-14Change Samba to always use extended security for it's guest logins, (ie,Andrew Bartlett1-0/+2
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to all of Samba's clients. When connecting to an Active Directory DC, you must initiate the CIFS level session setup with Kerberos, not a guest login. If you don't, your machine account is demoted to NT4. Andrew Bartlett (This used to be commit 3547cb3def45a90f99f67829a533eac1ccba5e77)
2003-05-08This puts real netlogon connection caching to winbind. This becomesVolker Lendecke1-1/+8
important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
2003-04-21Merge from HEAD - save the type of channel used to contact the DC.Andrew Bartlett1-4/+6
This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a)
2003-04-14Merge: remove unused variable.Tim Potter1-1/+0
(This used to be commit 6a1d99d318c2dddc01d8262f31c7afbe9bb1a286)
2003-04-09This is the netlogon schannel client code. Try aVolker Lendecke1-19/+0
rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8)
2003-03-18Merge of waider's rpcclient return type patch.Tim Potter1-5/+5
(This used to be commit fb91bfa7a28f548dcc549f7e09805e4485c83538)
2003-02-25Merge: const fixes.Tim Potter1-6/+6
(This used to be commit a20aba09996e470425a151271237f2d48a8302af)
2002-10-04merge of new client side support the Win2k LSARPC UUID in rpcbindGerald Carter1-5/+5
from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-17/+22
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17sync 3.0 branch with HEADJelmer Vernooij1-3/+3
(This used to be commit 6497eb78e87a6ffa4c2c61aa4ef6ecd451821a27)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-3/+6
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-13update the ldap support code. it compiles.Jean-François Micouleau1-1/+5
Ignacio you can update your howto ;-) samsync: a small patch to try chaning challenges. J.F. (This used to be commit c99bc305599698f2291efbfe20024355cb2bcde0)
2001-10-30Allow the logon level to be passed to cli_netlogon_sam_logon() rather thanTim Potter1-4/+4
the validation level. (This used to be commit c79e94ea27aab31423b1bdc34e9cff25688dbe5f)
2001-10-30Added samlogon command to test against win2k native mode server. I thinkTim Potter1-0/+58
there's a bug in the marshalling of net_sam_logon. (This used to be commit 7c5ac46b8ad0be681d102e7ef3478d64d7a2b8e6)
2001-10-12Some old stuff hanging around since the CIFS conference. Big cleanup ofTim Potter1-98/+44
rpcclient code. Refactored cmd_* functions to move common mem_ctx and pipe opening stuff up one level. Moved rpcclient.h into rpcclient directory and out of includes/smb.h (This used to be commit a40facba9651f9fb1dcc9e143f92ca298a324312)
2001-10-02Removed 'extern int DEBUGLEVEL' as it is now in the smb.h header.Tim Potter1-2/+0
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
2001-09-18Converted cli_net_auth2() and cli_nt_setup_creds() to return NTSTATUS.Tim Potter1-2/+6
(This used to be commit e0bdcbc5994345fdc76f7590dba7bce5f0127d58)
2001-09-04it now all compiles - so try enabling it by default and see what explodes on ↵Andrew Tridgell1-23/+23
the build farm (This used to be commit 5bb7e4f0f65edf1db20245f403cbe81833134240)
2001-08-28Merge of sam sync code from TNG.Tim Potter1-3/+217
Reverse-engineered the sam replication protocol from staring at hex dumps for a while. It's pretty similar to the sam sync protocol with a couple of different delta header types. I wasn't able to figure out the format of the privilege stuff - needs more time and a whiteboard. (-: The impressive bit is that the sam sync stuff from tng basically just worked thanks mainly to Luke Leighton's efforts in this area. (This used to be commit 3a60cb44f22d5f3f8c78a56ed8f5ea4794cd7ab3)
2001-08-27converted another bunch of stuff to NTSTATUSAndrew Tridgell1-2/+2
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
2001-07-20Started adding some help/usage info for rpcclient commands.Tim Potter1-4/+7
(This used to be commit 37052a1bcc5cd049918c3d5ac4c41c3a669290af)
2001-06-23fix compiler warningsSimo Sorce1-0/+2
(This used to be commit 1959864490e79756257ba10431b188de78b8c8a7)
2001-05-24Added srvinfo and partial logonctrl and logonctrl2 commands.Tim Potter1-1/+75
(This used to be commit c93718daa1375269e4e0ef52016271b7a607e292)
2001-05-24Added stubs for SRVSVC and NETLOGON rpcclient commands.Tim Potter1-114/+10
(This used to be commit 3343c9f0d67d98687e5933e1a73c0ff487279160)
2000-06-23just enough to get rpcclient to compile. Look for #if 0Gerald Carter1-0/+2
blocks around a few unimplemented functions. Also had to add cli_reg.c to Makefile.in --jerry (This used to be commit 426c43fb5167b042682c22e67871e5ebadb4b769)
2000-06-03moved secrets fns into secrets.cAndrew Tridgell1-2/+2
(This used to be commit f890bcf06786e7c63bf76fad2fd46d287a99a270)
2000-05-08added secrets.tdb and changed storage of trust account password to useAndrew Tridgell1-2/+4
it (This used to be commit 88ad00b82acc4636ab57dfe710af08ea85b82ff1)
2000-04-25moved trans2.h and nterr.h into includes.h with all our other includesAndrew Tridgell1-1/+0
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
1999-12-13first pass at updating head branch to be to be the same as the SAMBA_2_0 branchAndrew Tridgell1-146/+21
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
1999-12-08ABOUT TIME!!!!!!!!Luke Leighton1-1/+1
damn, this one is bad. started, at least two days ago, to add an authentication mechanism to the smbd<->msrpc redirector/relay, such that sufficient unix / nt information could be transferred across the unix socket to do a become_user() on the other side of the socket. it is necessary that the msrpc daemon inherit the same unix and nt credentials as the smbd process from which it was spawned, until such time as the msrpc daemon receives an authentication request of its own, whereupon the msrpc daemon is responsible for authenticating the new credentials and doing yet another become_user() etc sequence. (This used to be commit 30c7fdd6ef10ecd35594311c1b250b95ff895489)
1999-12-02cleaning up: removing those horrible references to server listLuke Leighton1-4/+2
functions (cli_net_use_addlist()). needed originally because there was no get_dc_any_name() function. (This used to be commit 3a2b920ea2e6704b2574f404e1e41c7cfc0f96b2)
1999-12-01damn, that took a while. nt login password was being stored incorrectlyLuke Leighton1-0/+2
in private .mac file (oops). ntlogin test now works. (This used to be commit c98c66690683965612e9631d77c2dff91ec8a872)
1999-12-011) when no domain used in ntlogin test command, should use default oneLuke Leighton1-1/+28
from previous lsaquery command. over-ridden from DOMAIN\username 2) initialisation of cli_state is a little more specific: sets use_ntlmv2 to Auto. this can always be over-ridden. 3) fixed reusage of ntlmssp_cli_flgs which was being a pain 4) added pwd_compare() function then fixed bug in cli_use where NULL domain name was making connections multiply unfruitfully 5) type-casting of mallocs and Reallocs that cause ansi-c compilers to bitch (This used to be commit 301a6efaf67ddc96e6dcfd21b45a82863ff8f39a)
1999-11-29attempting to resolve the issue that multiple servers often specified inLuke Leighton1-3/+6
parameters to connect to \PIPE\NETLOGON. (This used to be commit d1986ade30bdcac1f49707221a3e5a5ae597ce62)
1999-11-29ok. got ntlogin command working. argh, it maintains a connection toLuke Leighton1-1/+1
the remote machine, because i don't know what to _do_ with it!!!! argh!!! (This used to be commit 85cc680736f17e3f879895be5dac8f1427653919)
1999-11-29first attempt at getting \PIPE\NETLOGON working. it's pretty horrible.Luke Leighton1-28/+35
(This used to be commit 44dd3efa6380544e9a515e91960f9271498cefaf)
1999-11-24ok. *whew*. this is the first completed part of the restructure.Luke Leighton1-6/+7
verified that lsaquery, lsalookupsids work, and found some bugs in the parameters of these commands :-) soo... we now have an lsa_* api that has the same arguments as the nt Lsa* api! cool! the only significant coding difference is the introduction of a user_credentials structure, containing user, domain, pass and ntlmssp flags. (This used to be commit 57bff6fe82d777e599d535f076efb2328ba1188b)
1999-11-22another four next_token() removals (using getopt instead)Luke Leighton1-5/+17
(This used to be commit 3e76ca9b172e1a6886e714d6a36453f30ff3e771)
1999-11-22okay :) all cmd_() functions now take int argc, char **argv :) thatLuke Leighton1-3/+3
means that some commands need more work, as they still use next_token(), the use of which i wish to avoid. plus, i was getting fed up of the poor command-line processing in some of these commands. i'm starting to need getopt() in them, especially in samsetuser. WARNING: only cmd_samr has been modded to use getopt() so far! reg commands won't work, esp. (This used to be commit 9a1efa03c8bb86c9b7e73f102a9d48fb6a57a523)
1999-10-26adding extra parameter back in to trust account functions (trust account name).Luke Leighton1-1/+4
restoring opening S-1-5-20 in sam enum users code. (This used to be commit 1be877114e2e958c59e6516dacf22d3fb5a4240f)
1999-10-21the dynamic memory alloc blood-fest goes on...Luke Leighton1-3/+3
(This used to be commit 134b20e2a7b5ddfa4cc9bf100de5025c7b98f594)
1999-10-21various. debug levels changed. nmbd doesn't need libsmb/clienttrust.c.Luke Leighton1-3/+6
samr_lookup_rids() moved to a dynamic memory structure not a static one limited to 32 RIDs. cli_pipe.c reading wasn't checking ERRmoredata when DOS error codes negotiated (this terminates MSRPC code with prejudice). (This used to be commit 8976eca2db43576c32069dcda017e8777048e007)