summaryrefslogtreecommitdiff
path: root/source3/utils/net_rpc_join.c
AgeCommit message (Collapse)AuthorFilesLines
2008-04-02Fix NETLOGON credential chain with Windows 2008 all over the place.Günther Deschner1-2/+2
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther (This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
2008-03-15Fix typo.Günther Deschner1-1/+1
Guenther (This used to be commit e12721f73db72b99aa0e4be35c51aa8636eb3f59)
2008-02-27Add my copyright.Günther Deschner1-0/+1
Guenther (This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97)
2008-02-12Collect all init_lsa_string varients in one place.Günther Deschner1-6/+0
Guenther (This used to be commit f4581e9f4482566fba9436d5ae058b8d840fa394)
2008-02-12Use rpccli_samr_SetUserInfo2() in place of rpccli_samr_set_userinfo().Günther Deschner1-10/+7
Guenther (This used to be commit 1b48b9d73d971ef18b8a2ea240e48902b703b74b)
2008-02-12Remove all callers of rpccli_samr_setuserinfo2 and replace withGünther Deschner1-8/+6
rpccli_samr_SetUserInfo (see the opcode mixup in rpc_samr.h). Guenther (This used to be commit bdc49185036060ebb9c727767dce52e4b01bd8b4)
2008-02-08Use rpccli_samr_LookupNames() in net.Günther Deschner1-13/+12
Guenther (This used to be commit a513ae630c9dc0b81215e5513c19f45f18cbc1f1)
2008-02-08Use rpccli_lsa_QueryInfoPolicy() all over the place.Günther Deschner1-2/+8
Guenther (This used to be commit ce22abcea3446e4ad42e8e04654b9855b173c5a1)
2008-02-04Use rpccli_samr_Connect2() all over the place.Günther Deschner1-3/+4
Guenther (This used to be commit bdf8d562621e1a09bf83e2009dec24966e7fdf22)
2008-02-01Use rpccli_samr_CreateUser2() all over the place.Günther Deschner1-4/+18
Guenther (This used to be commit 701af69118c9634c7dc0d5c10152ce776787694d)
2008-02-01Use rpccli_samr_OpenUser() all over the place.Günther Deschner1-3/+5
Guenther (This used to be commit da90eb7653554d242da83ed98adae35ced3a2938)
2008-02-01Use rpccli_samr_OpenDomain() all over the place.Günther Deschner1-4/+6
Guenther (This used to be commit e4e9d72724d547e1405b2ed4cec509d50ec88c8d)
2008-01-31Remove rpccli_samr_close and use pidl generated function instead.Günther Deschner1-2/+2
Guenther (This used to be commit 64f0889401855ab76953bfae5db4fe4df19ad8a5)
2008-01-25Trying to avoid defining new SAMR acct creation flags when we already have ↵Günther Deschner1-4/+7
them with different names. Matt, Jeremy, please check. Guenther (This used to be commit d4a9e46edf7336f673c001c559af96eb0ecf9f6f)
2008-01-23Windows 2008 (Longhorn) auth2 flag fixes.Andreas Schneider1-2/+2
Interop fixes for AD specific flags. Original patch from Todd Stetcher. (This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
2008-01-23Forward ported version of Matt Geddes <musicalcarrion@gmail.com>Jeremy Allison1-1/+7
patch for adding acct_flags to rpccli_samr_create_dom_user(). Jerry please test. Jeremy. (This used to be commit 7d94f97947b7edfcf3ec52f0125e4593d6d54c05)
2008-01-15Apply const to rpccli_lsa_query_info_policy() and ↵Günther Deschner1-2/+2
rpccli_lsa_query_info_policy2(). Guenther (This used to be commit 7a3fe68bef7acde9d9f8a7a44ce7e9432f3c5a95)
2007-10-24This is a large patch (sorry). Migrate from struct in_addrJeremy Allison1-3/+3
to struct sockaddr_storage in most places that matter (ie. not the nmbd and NetBIOS lookups). This passes make test on an IPv4 box, but I'll have to do more work/testing on IPv6 enabled boxes. This should now give us a framework for testing and finishing the IPv6 migration. It's at the state where someone with a working IPv6 setup should (theorecically) be able to type : smbclient //ipv6-address/share and have it work. Jeremy. (This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
2007-10-10r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree.Gerald Carter1-2/+2
The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
2007-10-10r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags,Gerald Carter1-2/+2
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>. (This used to be commit 8304ccba7346597425307e260e88647e49081f68)
2007-10-10r25198: Change net_rpc_join_ok() to return NTSTATUS for betterMichael Adam1-12/+19
error propagation. Michael (This used to be commit 5a16da2185f07d1f48fabd93a7a6b8f2d6b91089)
2007-10-10r25197: Change net_make_ipc_connection() and net_make_ipc_connection_ex() toMichael Adam1-2/+5
return NTSTATUS to allow for better error propagation. Michael (This used to be commit 46093004a788dae83a4ddb888ca5d72f555c236c)
2007-10-10r24789: Add implementation of machine-authenticated connection to netlogonRafal Szczesniak1-1/+16
pipe used when connecting to win2k and newer domain controllers. The server may be configured to deny anonymous netlogon connections which would stop domain join verification step. Still, winnt domains require such smb sessions not to be authenticated using machine credentials. Creds employed in smb session cannot have a username in upn form, so provide the separate function to use machine account. rafal (This used to be commit 30d99d8ac3379caadc5bdb353977149d1ee16403)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r21831: Back out r21823 for a while, this is going into a bzr tree first.Volker Lendecke1-3/+1
Volker (This used to be commit fd0ee6722ddfcb64b5cc9c699375524ae3d8709b)
2007-10-10r21823: Let secrets_store_machine_password() also store the account name. ↵Volker Lendecke1-1/+3
Not used yet, the next step will be a secrets_fetch_machine_account() function that also pulls the account name to be used in the appropriate places. Volker (This used to be commit f94e5af72e282f70ca5454cdf3aed510b747eb93)
2007-10-10r18747: replace rpccli_lsa_close() with rpccli_lsa_Close()Gerald Carter1-1/+1
(This used to be commit 50d74ce0488a9bd0980cdc6d523a210f6238ef74)
2007-10-10r16360: Fix Klocwork ID 136 520 521 522 523 542 574 575 576 607Volker Lendecke1-1/+4
in net_rpc.c: 715 716 732 734 735 736 737 738 739 749 in net_rpc_audit.c: 754 755 756 in net_rpc_join.c: 757 in net_rpc_registry: 766 767 in net_rpc_samsync.c: 771 773 in net_sam.c: 797 798 Volker (This used to be commit 3df0bf7d6050fd7c9ace72487d4f74d92e30a584)
2007-10-10r15543: New implementation of 'net ads join' to be more like Windows XP.Gerald Carter1-4/+4
The motivating factor is to not require more privileges for the user account than Windows does when joining a domain. The points of interest are * net_ads_join() uses same rpc mechanisms as net_rpc_join() * Enable CLDAP queries for filling in the majority of the ADS_STRUCT->config information * Remove ldap_initialized() from sam/idmap_ad.c and libads/ldap.c * Remove some unnecessary fields from ADS_STRUCT * Manually set the dNSHostName and servicePrincipalName attribute using the machine account after the join Thanks to Guenther and Simo for the review. Still to do: * Fix the userAccountControl for DES only systems * Set the userPrincipalName in order to support things like 'kinit -k' (although we might be able to just use the sAMAccountName instead) * Re-add support for pre-creating the machine account in a specific OU (This used to be commit 4c4ea7b20f44cd200cef8c7b389d51b72eccc39b)
2007-10-10r14087: Protect against domain being NULL. Finish Coverity #152.Jeremy Allison1-4/+12
Jeremy. (This used to be commit 88dd4ab48127bb08fdeb0b5c236020e0b910f0d8)
2007-10-10r14085: Fix coverity bg #152, uninit'ed var.Jim McDonough1-1/+1
(This used to be commit d8e69c18e0d34c99525080b3afaf2778be3a5ec2)
2007-10-10r13641: Finish fix for #3510. Don't use client schannel when toldJeremy Allison1-13/+39
not to, cope with a server that doesn't offer schannel also. Jeremy (This used to be commit 68005f6bdb70883eace0d9067c76c3360a803023)
2007-10-10r13614: First part of the bugfix for #3510 - net join failsJeremy Allison1-14/+21
against server with schannel disabled. Second part will come tomorrow (fixing net_rpc_join_ok()). Jeremy. (This used to be commit 7de1ee18619bf99c5db45692e085d0646e52378f)
2007-10-10r12986: Use d_fprintf(stderr, ...) for any error message in net.Lars Müller1-4/+4
All 'usage' messages are still printed to stdout. Fix some compiler warnings for system() calls where we didn't used the return code. Add appropriate error messages and return with the error code we got from system() or NT_STATUS_UNSUCCESSFUL. (This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb)
2007-10-10r11492: Fix bug #3224 (I hope). Correctly use machine_account_nameJeremy Allison1-3/+4
and client_name when doing netlogon credential setup. Jeremy. (This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
2007-10-10r10656: BIG merge from trunk. Features not copied overGerald Carter1-57/+73
* \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
2007-10-10r8564: Sometimes we're too dumb to live... Fix samr calls where we wereJeremy Allison1-5/+5
using USER_INFO_XX structs and functions where XX was sometimes in hex and sometimes in decimal. Now it's all in decimal (should be no functionality change). Jeremy. (This used to be commit 84651aca04cbcbf50ab2e78333cc9d9e49dd92f5)
2007-10-10r7415: * big change -- volker's new async winbindd from trunkGerald Carter1-2/+2
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
2007-10-10r6769: Fix bugzilla #2538 and #2527. Unused variables found by Jason Mader.Tim Potter1-2/+1
(This used to be commit 68b1c1f533e5c91634f5da21659c8e5793cb77f7)
2007-10-10r5203: additional changes for BUG 2291 to restrict who can join a BDC and ↵Gerald Carter1-1/+1
add domain trusts (This used to be commit 5ec1faa2ad33772fb48c3863e67d2ce4be726bb2)
2007-10-10r4570: Replace cli->nt_pipe_fnum with an array of NT file numbers, one for eachVolker Lendecke1-2/+2
supported pipe. Netlogon is still special, as we open that twice, one to do the auth2, the other one with schannel. The client interface is completely unchanged for those who only use a single pie. cli->pipe_idx is used as the index for everything except the "real" client rpc calls, which have been explicitly converted in my last commit. Next step is to get winbind to just use a single smb connection for multiple pipes. Volker (This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-1/+1
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid ofTim Potter1-1/+1
'..' from all #include preprocessor commands. This fixes bugzilla #1880 where OpenVMS gets confused about the '.' characters. (This used to be commit 7f161702fa4916979602cc0295919b541912acd6)
2004-02-08Make more functions static, and remove duplication in the use of functionsAndrew Bartlett1-1/+1
in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). Andrew Bartlett (This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e)
2004-01-26This adds client-side support for the unicode/SAMR password change scheme.Andrew Bartlett1-8/+1
As well as avoiding DOS charset issues, this scheme returns useful error codes, that we can map back via the pam interface. This patch also cleans up the interfaces used for password buffers, to avoid duplication of code. Andrew Bartlett (This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
2004-01-15Fix net rpc join (at least newstyle) after it was broken by changingJim McDonough1-5/+5
the parms to cli_lsa_query_info_policy without changing them here... (This used to be commit a885df7635a9230bc6cca88e7e8fb1420c74c7fb)
2003-11-22Add support for variable-length session keys in our client code.Andrew Bartlett1-4/+4
This means that we now support 'net rpc join' with KRB5 (des based) logins. Now, you need to hack 'net' to do that, but the principal is important... When we add kerberos to 'net rpc', it should be possible to still do user management and the like over RPC. (server-side support to follow shortly) Andrew Bartlett (This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
2003-07-03Removed strupper/strlower macros that automatically map to ↵Jeremy Allison1-2/+2
strupper_m/strlower_m. I really want people to think about when they're using multibyte strings. Jeremy. (This used to be commit ff222716a08af65d26ad842ce4c2841cc6540959)
2003-06-16This glosses over John's problem at SambaXP 2003. When we want to joinVolker Lendecke1-3/+17
a NT4 domain as a BDC with an existing workstation account (existing bdc is fine), we fail. Print a friendly error message in this case. The correct solution would probably be to delete the account and try again. But even this makes us better than NT: NT4 fails in this situation with an empty warning message box and an unusable BDC. It has unsuccessfully tried to suck down the domain database, and thus has no administrator account to log in after reboot.... Volker (This used to be commit 1ddeea2179b11cedccf205c7ffea523ee6750b24)