summaryrefslogtreecommitdiff
path: root/source4/libnet/libnet_join.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r21175: Fix the kerberos keytab update code to handle deletes.Andrew Bartlett1-28/+0
Fix the join code to know that the ldb layer handles the keytab update. Andrew Bartlett (This used to be commit d3fbc089f4161ae71b21077d50130fdabd8b2d77)
2007-10-10r21141: Attempt to fix the buildVolker Lendecke1-1/+1
(This used to be commit 3f41a4b014a47b3c751066f5d1bef7f76f4be831)
2007-10-10r20964: Show the domain name we figured out, rather than a null pointer (inAndrew Bartlett1-1/+1
some error cases) Andrew Bartlett (This used to be commit 4195839d1a6102d7c6ae17c1b1db0418c99c9241)
2007-10-10r20397: Another user of the DsCrackNames call needs a rename following IDL ↵Andrew Bartlett1-2/+2
clarification. Andrew Bartlett (This used to be commit 77169958fc42d8ea4561f6218919a34c330259d3)
2007-10-10r20294: Without this we don't do the ADS join against Win2k3 SP1Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 7a7f1a97644ab420cf43282d6979881c5c4c59b6)
2007-10-10r20205: remove unused varStefan Metzmacher1-2/+0
metze (This used to be commit a77e1bd1b48e953773db47a5469b1712794f26cf)
2007-10-10r20113: Update the DRSUAPI CrackNames test to explore a few more cases, and inAndrew Bartlett1-4/+7
particular to verify more expected results. Also return more details from the join process. Now we also return the machine account's GUID. Andrew Bartlett (This used to be commit 5b32f102af1fc7acb56bf7eaa40068d60a1ee396)
2007-10-10r20102: Do not reference remote_ldb before we initialise it. This should fixAndrew Bartlett1-8/+8
up many of the build farm failures. Andrew Bartlett (This used to be commit 924af98ffaab3735c3f31014059e7cd0abd71919)
2007-10-10r20099: Add some comments, and correct others.Andrew Bartlett1-2/+4
Andrew Bartlett (This used to be commit d1b1a4c059bfa93bd55f9ffc718e802695c50cc9)
2007-10-10r19934: - allow to pass a samr_UserInfo21 struct to be passed to ↵Stefan Metzmacher1-25/+11
libnet_SetPassword() - as the SetUserInfo2() levels 26/25 and 24/23 have the same encryption but 26 and 24 change only the password and 25 and 23 take a info21 and change the password, we now use 26 with fallback to 24 or 25 with fallback to 23. - use samr_SetUserInfo2() to match what w2k3 does (works also against nt4) - pass the info21 to libnet_SetPassword() to set acct_flags and full_name together with the password (to match what w2k3 does) metze (This used to be commit 1b86af32f3069cc75ae645698d3f92a0798e38f7)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-3/+3
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-7/+7
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett1-0/+1
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r19573: Move secrets.o into param/ (subsystems haven't been integrated yet).Jelmer Vernooij1-1/+1
(This used to be commit 8143de855c0b65346b2d8e59ecdb78952927de4a)
2007-10-10r19309: Split out checks for LDB_SUCCESS from checks for the expected numberAndrew Bartlett1-3/+11
of returned entries. Andrew Bartlett (This used to be commit 84efd9ecd994b53817dde8c1ad995afb7ebc8192)
2007-10-10r19299: Fix possible memleaksSimo Sorce1-0/+1
(This used to be commit 6fad80bb09113a60689061a2de67711c9924708b)
2007-10-10r19266: Add a target_hostname element to the binding struct. This allows usAndrew Bartlett1-1/+1
to perform a lookup once, resolve the name to an IP, while still communicating the full name to the lower layers, for kerberos etc. This fixes 'net samdump', which was failing due to the schannel target name being *smbserver. Andrew Bartlett (This used to be commit 0546f487f4cc99b5549dc1e457ea243d4bd66333)
2007-10-10r19261: Fix use of unitialised variables. (The binding string is used, if notAndrew Bartlett1-0/+2
NULL). This showed up in a manual pre-TP3 test of the 'net samdump' code, and shows the critical need for the windows testing infrustructure on the build farm. Andrew Bartlett (This used to be commit 9cef40779ad987b506b1f514a67b5b1c8aea9969)
2007-10-10r18609: error_string should not contain newlines.Günther Deschner1-14/+14
Guenther (This used to be commit 556666756418ad50c533199c736fe3696a7e20cb)
2007-10-10r17954: Avoid including \n in error strings (left over from DEBUG() conversion).Andrew Bartlett1-12/+18
Make it easier to debug CrackNames failures. Andrew Bartlett (This used to be commit 5dd07074db0b25ea2e929bbdcf89f26e3665bd1c)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce1-1/+1
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r16226: Fixes for various segfault bugs found against a buggy Samba4. WithAndrew Bartlett1-2/+2
the current API we need to check both that the RPC didn't fault, and that the query succeeded. Also print the right things in debug messages. Andrew Bartlett (This used to be commit d18e515391f8f5038e9aaaba596099052011b53a)
2007-10-10r15504: Revert -r 15500 and -r 15503 until I'm awake, and can get my headAndrew Bartlett1-1/+1
around the mess that is composite functions... Async might be all the rage, but it's bloody painful to debug. Andrew Bartlett (This used to be commit 756e1dad7ce54b83f8170db3434bfcfc4afe7e65)
2007-10-10r15500: Add support for interactive prompting on bad passwords to the RPC ↵Andrew Bartlett1-1/+1
libraries. This support requires that the bind_ack and alter_ack recv functions also be send the DCE/RPC fault. This would be best done by having the ack run as a normal RPC reply callback, but this isn't easily possible for now. Andrew Bartlett (This used to be commit be6dde22fe728d64d47875699d3421c6d8d872a4)
2007-10-10r15435: Turn libnet_RpcConnectDCInfo into another level of libnet_RpcConnectRafal Szczesniak1-6/+5
and make it async. Also, update any other usages of old function. Build goes fine and so do tests, comments to follow. rafal (This used to be commit aef0a2de9d2f01a6f619e3fccc8715288f5c37a3)
2007-10-10r15426: Implement SPNEGO as the default RPC authentication mechanism. WhereAndrew Bartlett1-2/+2
this isn't supported, fallback to NTLM. Also, where we get a failure as 'logon failure', try and do a '3 tries' for the password, like we already do for CIFS. (Incomplete: needs a mapping between RPC errors and the logon failure NTSTATUS). Because we don't yet support Kerberos sign/seal to win2k3 SP1 for DCE/RPC, disable this (causing SPNEGO to negotiate NTLM) when kerberos isn't demanded. Andrew Bartlett (This used to be commit b3212d1fb91b26c1d326a289560106dffe1d2e80)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+0
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14716: Remove username from debug message, it just causes valgrind assertions.Andrew Bartlett1-4/+2
Andrew Bartlett (This used to be commit c978fea2a14979d8431b2be9ff35ab47fc1a4a08)
2007-10-10r14470: Remove some unnecessary headers.Jelmer Vernooij1-2/+0
(This used to be commit f7312dab3b9aba2b2b82e8a6e0c483a32a03a63a)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+2
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14402: Generate seperate headers for RPC client functions.Jelmer Vernooij1-0/+2
(This used to be commit 7054ebf0249930843a2baf4d023ae8f62cedb109)
2007-10-10r14363: Remove credentials.h from the global includes.Jelmer Vernooij1-0/+1
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+2
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13104: Migrate and set secrets keytab values in the 'net join' code. ThisAndrew Bartlett1-0/+30
avoids falling back to in-memory keytabs. Andrew Bartlett (This used to be commit 59fbce01c6814b8e411e7de6ee66739161520a3c)
2007-10-10r12976: Patch from Brad Henry <j0j0@riod.ca>:Andrew Bartlett1-169/+2
This patch pulls the AD site name generation and site join code from libnet/libnet_join.c and puts it into a new file, libnet/libnet_site.c. This way, a common means for site name, configuration dn and server dn generation exists so it doesn't need to be rewritten in new code (such as the future libnet_leave for example). I've made a couple of changes, but nothing dramatic. Nice work Brad! Andrew Bartlett (This used to be commit 45f67b3f6d506cc8cb9922184a8c0c9b59a8f702)
2007-10-10r12930: Fix ADS join: I wasn't filling in the flag 'realm' variable any more.Andrew Bartlett1-3/+1
Andrew Bartlett (This used to be commit 5c5a2974c94ae6b929ada7aaa2cd12a15b7468b8)
2007-10-10r12903: Factor out a new routine libnet_RpcConnectDCInfo, to both connect toAndrew Bartlett1-182/+68
the remote sever, and to query it for domain information. Provide and use this information in the SamSync/Vampire callbacks, to allow a parallel connection to LDAP, if we are talking to AD. This allows us to get at some important attributes not exposed in the old protocol. With this, we are able to do a all-GUI vampire of a AD domain from SWAT, including getting all the SIDs, servicePrincipalNames and the like correct. Andrew Bartlett (This used to be commit 918358cee0b4a1b2c9bc9e68d9d53428a634281e)
2007-10-10r12886: Rename 'secure_channel_type' parameter to domain join as 'join_type'.Andrew Bartlett1-6/+6
Andrew Bartlett (This used to be commit a3b3e09a9acc66dff7baf1a4ba0ea913bccdbd7d)
2007-10-10r12883: Fix the build...Andrew Bartlett1-3/+1
Andrew Bartlett (This used to be commit 8f7d14048fe29fd2c8b3e3c7aa73b4a854615016)
2007-10-10r12882: Allow the netbios name to be specified at all times.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit f4f4dcf217314980aa114d61a1546d2c18b55baa)
2007-10-10r12865: Upgrade the librpc and libnet code.Andrew Bartlett1-7/+4
In librpc, always try SMB level authentication, even if trying schannel, but allow fallback to anonymous. This should better function with servers that set restrict anonymous. There are too many parts of Samba that get, parse and modify the binding parameters. Avoid the extra work, and add a binding element to the struct dcerpc_pipe The libnet vampire code has been refactored, to reduce extra layers and to better conform with the standard argument pattern. Also, take advantage of the new libnet_Lookup code, so we don't require the silly 'password server' smb.conf parameter. To better support forcing traffic to be sealed for the vampire operation, the dcerpc_bind_auth() function now takes an auth level parameter. Andrew Bartlett (This used to be commit d65b354959842326fdd4bd7eb7fbeea0390f4afa)
2007-10-10r12858: This moves the libnet_LookupPdc code to use a GetDC request to findAndrew Bartlett1-9/+13
the remote server's name, or in the absence of a local nbt_server to communicate with (or without root access), a node status request. The result is that we are in a better position to use kerberos, as well as to remove the 'password server' mandatory parameter for the samsync and samdump commands. (I need this to put these into SWAT). The only problem I have is that I must create a messaging context, which requires a server ID. As a client process, I don't expect to get messages, but it is currently required for replies, so I generate a random() number. We probably need the servers to accept connections on streamed sockets too, for client-only tasks that want IRPC. Because I wanted to test this code, I have put the NET-API-* tests into our test scripts, to ensure they pass and keep passing. They are good frontends onto the libnet system, and I see no reason not to test them. In doing so the NET-API-RPCCONNECT test was simplified to take a binding string on the command line, removing duplicate code, and testing the combinations in the scripts instead. (I have done a bit of work on the list shares code in libnet_share.c to make it pass 'make test') In the future, I would like to extend the libcli/findds.c code (based off volker's winbind/wb_async_helpers.c, which is why it shows up a bit odd in the patch) to handle getting multiple name replies, sending a getdc request to each in turn. (posted to samba-technical for review, and I'll happily update with any comments) Andrew Bartlett (This used to be commit 7ccddfd3515fc2c0d6f447c768ccbf7a220c3380)
2007-10-10r12694: Move some headers to the directory of the subsystem they belong to.Jelmer Vernooij1-1/+1
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-3/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij1-0/+1
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12510: Change the DCE/RPC interfaces to take a pointer to aJelmer Vernooij1-8/+4
dcerpc_interface_table struct rather then a tuple of interface name, UUID and version. This removes the requirement for having a global list of DCE/RPC interfaces, except for these parts of the code that use that list explicitly (ndrdump and the scanner torture test). This should also allow us to remove the hack that put the authservice parameter in the dcerpc_binding struct as it can now be read directly from dcerpc_interface_table. I will now modify some of these functions to take a dcerpc_syntax_id structure rather then a full dcerpc_interface_table. (This used to be commit 8aae0f168e54c01d0866ad6e0da141dbd828574f)
2007-10-10r12430: Clarify libnet_join code. Add/fix comments.Andrew Bartlett1-10/+10
Andrew Bartlett (This used to be commit a3372935eee12c99d8c4a29eda45e8d0f1039896)
2007-10-10r12423: Remove DEBUG(0) printouts in favor of more information to the caller.Andrew Bartlett1-5/+3
I assume this works better with SWAT and the like anyway. Andrew Bartlett (This used to be commit b11975703d5e32f6f3ad10079106b1345fa56b5c)
2007-10-10r12421: Handle the case where we are a joining as different account types ↵Andrew Bartlett1-32/+78
far better. Andrew Bartlett (This used to be commit 0ce82e8a41f0fdea9928e3e341680232cc640e18)