summaryrefslogtreecommitdiff
path: root/source4/rpc_server/netlogon
AgeCommit message (Collapse)AuthorFilesLines
2012-12-16s4-rpc_server: use netlogon_creds_encrypt_samlogon().Günther Deschner1-34/+3
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Sun Dec 16 01:34:01 CET 2012 on sn-devel-104
2012-12-09s4-rpc_server: support AES encryption in interactive and generic samlogon.Günther Deschner1-5/+23
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner1-1/+6
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-09-26netlogon: Per MS-NRPC, don't send unknown workstation flags back to theJelmer Vernooij1-1/+2
client.
2012-07-17s4:rpc_server/netlogon: add support for AES based netlogon schannelStefan Metzmacher1-0/+4
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17s4:rpc_server/netlogon: only return STRONG_KEYS if the client asked for itStefan Metzmacher1-26/+31
metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-07-17s4:rpc_server/netlogon: implement netr_LogonGetCapabilitiesStefan Metzmacher1-2/+20
This is also needed to support AES. metze Signed-off-by: Günther Deschner <gd@samba.org>
2012-02-27s4-netlogond: Fix use of uninitialised value dns_nameAndrew Bartlett1-19/+8
The GET_CHECK_STR macro (now unrolled) did not initialise the trusts->array[n].dns_name when the value was not set. New tests for our trusted domains code create domain trusts without a DNS domain name. Found by the autobuild flakey build detector. Andrew Bartlett
2011-12-23s4:netlogon RPC server - dcesrv_netr_DsRGetSiteName - add a small explainationMatthias Dieter Wallnöfer1-0/+5
NETLOGON pipe is only thought for DCs. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27s4:netlogon RPC server - DsRGetDcNameEx - set the DNS name flags correctlyMatthias Dieter Wallnöfer1-0/+14
The rules are explained in MS-NRPC 2.2.1.2.1. Patch inspired by Matthieu Patou. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-11-27s4-netlogon: return WERR_NO_SUCH_DOMAIN instead of WERR_DS_UNAVAILABLE if we ↵Matthieu Patou1-1/+1
are unable to translate the domain to a dn Signed-off-by: Matthias Dieter Wallnöfer <mdw@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-10-13libcli/auth: Provide a struct loadparm_context to schannel callsAndrew Bartlett1-3/+3
This will allow us to pass this down to the tdb_wrap layer. Andrew Bartlett
2011-06-08s4-ipv6: fill in pdc_ip in DsRGetDCNameEx2Andrew Tridgell1-3/+12
this may be different from the CLDAP response, as it can be IPv6 Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Wed Jun 8 06:07:29 CEST 2011 on sn-devel-104
2011-05-08s4-auth Rename auth -> auth4 to avoid conflict with s3 authAndrew Bartlett1-1/+1
2011-04-04s4-rpc: improved error mapping for several RPC server callsAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2011-03-01s4:netlogon RPC server - "LogonGetDomainInfo" - check for NULL attributesMatthias Dieter Wallnöfer1-17/+29
This is needed to complete the transition from "samdb_msg_add_string" to "ldb_msg_add_string". And this patch yields better NTSTATUS error results than before (INVALID_PARAMETER rather than OUT_OF_MEMORY). Reviewed-by: Jelmer Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Tue Mar 1 14:42:15 CET 2011 on sn-devel-104
2011-02-28Fix some typesJelmer Vernooij1-3/+3
Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-09s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett1-7/+7
This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
2011-02-02s4:rpc_server/netlogon: add dcesrv_netr_LogonSamLogon_check()Stefan Metzmacher1-10/+83
We need to check for invalid parameters before we check for access denied. metze
2011-02-02s4:rpc_server/netlogon: set *r->out.authoritative = 1 even on ↵Stefan Metzmacher1-2/+3
INVALID_PARAMETER/INFO_CLASS metze
2011-02-02s4:rpc_server/netlogon: return INVALID_INFO_CLASS for invalid ↵Stefan Metzmacher1-1/+1
netr_Validation levels metze
2010-11-19s4:netlogon/LogonGetDomainInfo - handle a NULL "dns_hostname"Matthias Dieter Wallnöfer1-25/+37
- Performs the short computer name check against the sam account name. - Enhances the LogonGetDomainInfo testsuite which checks the NULL "dns_hostname" behaviour Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Nov 19 12:50:33 CET 2010 on sn-devel-104
2010-10-31s4:netlogon RPC server - "LogonGetDomainInfo" - always check the LDB return ↵Matthias Dieter Wallnöfer1-31/+57
codes Plus some cosmetic indentation fixes Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 31 19:26:45 UTC 2010 on sn-devel-104
2010-10-31s4:netlogon RPC server - point out that the "LogonGetDomainInfo" ↵Matthias Dieter Wallnöfer1-0/+4
"servicePrincipalName" generation is still needed
2010-10-24s4:dsdb - remove some calls of "samdb_msg_add_string" when we have talloc'ed ↵Matthias Dieter Wallnöfer1-10/+6
strings They can be substituted by "ldb_msg_add_string" if the string was already talloc'ed. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 24 20:03:27 UTC 2010 on sn-devel-104
2010-10-23s4:rpc_server/netlogon: netr_ServerAuthenticate3 should return ↵Stefan Metzmacher1-8/+8
NO_TRUST_SAM_ACCOUNT If we can't find the account we should return NT_STATUS_NO_TRUST_SAM_ACCOUNT instead of NT_STATUS_ACCESS_DENIED. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Oct 23 10:05:35 UTC 2010 on sn-devel-104
2010-10-23s4:rpc_server/netlogon: netr_ServerAuthenticate3 should reject invalid ↵Stefan Metzmacher1-3/+15
sec_channel_types early metze
2010-10-23s4:rpc_server/netlogon: netr_ServerAuthenticate3 should check the challenge ↵Stefan Metzmacher1-5/+5
after the account metze
2010-10-23s4:rpc_server/netlogon: fix comment in netr_DsRGetDCName()Stefan Metzmacher1-1/+1
metze
2010-10-23s4:rpc_server/netlogon: handle DC_RETURN_NETBIOS and DC_RETURN_DNS in ↵Stefan Metzmacher1-3/+28
netr_DsRGetDCNameEx2() metze
2010-10-23s4:rpc_server/netlogon: validate flags in netr_DsRGetDCNameEx2() and callersStefan Metzmacher1-2/+37
Thanks to Tarun Chopra for the help of looking up all the bits in the docs. metze
2010-10-23s4:rpc_server/netlogon: netr_GetDcName should return WERR_DCNOTFOUND for ↵Stefan Metzmacher1-0/+19
invalid names Only netbios domain names are allowed. metze
2010-10-17Revert "s4:remove "util_ldb" submodule and integrate the three gendb_* calls ↵Matthias Dieter Wallnöfer1-0/+1
in "dsdb/common/util.c"" This reverts commit 8a2ce5c47cee499f90b125ebde83de5f9f1a9aa0. Jelmer pointed out that these are also in use by other LDB databases - not only SAMDB ones. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 13:37:16 UTC 2010 on sn-devel-104
2010-10-17s4:remove "util_ldb" submodule and integrate the three gendb_* calls in ↵Matthias Dieter Wallnöfer1-1/+0
"dsdb/common/util.c" They're only in use by SAMDB code. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 17 09:40:13 UTC 2010 on sn-devel-104
2010-10-15s4:dsdb - remove "samdb_result_uint", "samdb_result_int64", ↵Matthias Dieter Wallnöfer1-9/+9
"samdb_result_uint64" and "samdb_result_string" We have ldb_msg_find_attr_as_* calls which do exactly the same. Therefore this reduces only code redundancies. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-10-10samdb: Add flags argument to samdb_connect().Jelmer Vernooij1-13/+13
2010-10-02s4:rpc_server/netlogon: don't use dcerpc_binding_handle_call_send/recv() ↵Stefan Metzmacher1-12/+9
directly metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Oct 2 03:11:38 UTC 2010 on sn-devel-104
2010-09-27s4-netlogon: added RODC DNS update call fwded to dnsupdate taskAndrew Tridgell1-3/+89
when we get a netlogon RODC DNS update, we send it to the dnsupdate task
2010-09-16s4-netlogon: added IDL for netr_DsrUpdateReadOnlyServerDnsRecordsAndrew Tridgell1-0/+20
this is used by a RODC to do DNS updates, as TSIG updates are not allowed by RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-03s4:rpc_server/netlogon: use irpc_binding_handle_by_name()Stefan Metzmacher1-7/+10
metze
2010-08-17s4:netlogon RPC server - "ServerPasswordSet" operations - introduce also ↵Matthias Dieter Wallnöfer1-2/+43
here the new password change syntax
2010-08-17s4-netlogon: added SEC_CHAN_RODCAndrew Tridgell1-0/+5
This seems to be equivalent to SEC_CHAN_BDC, but for RODCs
2010-08-14s4:auth Move struct auth_usersupplied_info to a common locationAndrew Bartlett1-5/+1
This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett
2010-07-31s4:dcesrv_netr_LogonGetDomainInfo - improve the client OS informations updateMatthias Dieter Wallnöfer1-19/+8
As ekacnet pointed out on the mailing list we don't need to do a delete if we (re)set the values afterwards - only if we don't set any new ones.
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-16/+16
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-18s4:dcesrv_netr_DsRAddressToSitenamesExW - fix the detection of the address ↵Matthias Dieter Wallnöfer1-2/+3
family in a better way Obviously the last attempt wasn't enough. Now we do really only read the first byte in the address buffer which on little endian transmission does always contain the address family (MS-NRPC 2.2.1.2.4.1). This should now be working platform-independently.
2010-06-16s4:dcesrv_netr_DsRAddressToSitenamesExW - fix the read of the IP packet versionMatthias Dieter Wallnöfer1-3/+4
This should make it clearer by the use of the standardised "sa_family_t" type and hopefully fixes the problems on platforms other than Linux (NetBSD in the buildfarm for example).
2010-05-31s3/s4:netrEnumerateTrustedDomains - this call returns a "NTSTATUS" resultMatthias Dieter Wallnöfer1-2/+2
See MS-NRPC 3.5.5.6.3.
2010-05-31s4:dcesrv_netr_DsrEnumerateDomainTrusts - fix an integer typeMatthias Dieter Wallnöfer1-1/+1
2010-05-24s4:LogonGetDomainInfo - allow to set DNS hostname for the first timeMatthias Dieter Wallnöfer1-11/+14
Otherwise it obviously can never be set.