summaryrefslogtreecommitdiff
path: root/source4/rpc_server/netlogon
AgeCommit message (Collapse)AuthorFilesLines
2010-04-12s3/s4:netlogon IDL - fix up "struct netr_SamInfo6" regarding the "forest" ↵Matthias Dieter Wallnöfer1-2/+2
attribute According to MS-NRPC 2.2.1.4.13 this should be the DNS domainname, not the forest one.
2010-04-12s4:prefer "samdb_*_dn" basedn calls over the "ldb_get_*_dn" functionsMatthias Dieter Wallnöfer1-1/+1
Purely cosmetic change.
2010-04-10s4:rpc_server Fix segfault in modified SamLogon handlingAndrew Bartlett1-0/+1
2010-04-10s4:rpc_server Add all SIDs into the netlogon SamLogon replyAndrew Bartlett1-32/+52
We were missing the SIDs that are not in the domain.
2010-03-16s4:idl change level to type in lsa_ForestTrustRecord.Simo Sorce1-2/+2
2010-03-09s4:netlogon RPC - "LogonGetDomainInfo" - make the call compatible with >= ↵Matthias Dieter Wallnöfer1-23/+62
Windows 2008 Add more security checks and other corrections to imitate Windows Server >= 2008.
2010-02-24s4:netlogon remove wrong ZERO_STRUCT of outputSimo Sorce1-6/+0
This was causing marshalling faults when we returned errors.
2010-02-23s4:schannel merge code with s3Simo Sorce1-24/+15
After looking at the s4 side of the (s)channel :) I found out that it makes more sense to simply make it use the tdb based code than redo the same changes done to s3 to simplify the interface. Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet that does not solve the lookup speed, with ldb it is always going to be slower. Looking through the history it is evident that the schannel database doesn't really need greate expanadability. And lookups are always done with a single Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated. The schannel database is not really a persistent one. It can be discared during an upgrade without causing any real issue. all it contains is temproary session data.
2010-02-23s4:schannel more readable check logicSimo Sorce1-12/+44
Make the initial schannel check logic more understandable. Make it easy to define different policies depending on the caller's security requirements (Integrity/Privacy/Both/None) This is the same change applied to s3
2010-02-23s4:netlogon RPC - fix the indentationMatthias Dieter Wallnöfer1-15/+15
Simo, I'm not really sure that those checks are valid. I read MS-NRPC section 3.5.4.1 about LOGONSRV_HANDLEs ("server_name" is of this type). There isn't stated that the server name has necessarily to be in the DNS form and should also be valid when it's NULL (if DCE server and client are the same - I don't know if me make use of it in s4).
2010-02-22s4:netlogon GetTrustedDomainInformationSimo Sorce1-6/+172
start implementing calls related to trusted domain information
2010-02-22s4:netlogon fix segfaultSimo Sorce1-12/+19
2010-02-21s4:netlogon enhance DsrEnumerateDomainTrustsSimo Sorce1-27/+178
Actually return trust relationships by searching the appropriate entries in the SAM database. Add checks and return the correct flags, type and attributes.
2010-02-21cleanupSimo Sorce1-133/+131
remove trailing spaces, tabs and blank lines
2010-02-19readability reformattingSimo Sorce1-28/+36
stop this function from maiking my eyes bleed
2010-02-16s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flagsAndrew Tridgell1-2/+2
This allows for controls to be added easily where they are needed.
2009-11-24Revert "s4-netlogon: always set the dNSHostName in GetDomainInfo"Matthias Dieter Wallnöfer1-7/+3
This reverts commit 87b6f2e863c6e117643ab6704e50167e849b69cc. This was the cause of the breakage of the "LogonGetDomainInfo" testsuite. I think my behaviour is more correct to Windows Server since the test works against it (at least release 2003 R2). One problem I discovered is that freshly joined workstations don't get their DNS name into the directory. Therefore I think also another part (maybe another RPC call) is able to do this.
2009-11-22s4:netlogon RPC - Remove trailing whitespaceMatthias Dieter Wallnöfer1-1/+1
2009-11-22s4:netlogon RPC - Fix up the error handlingMatthias Dieter Wallnöfer1-4/+2
2009-11-22s4:netlogon RPC - Fix up a commentMatthias Dieter Wallnöfer1-4/+5
Now we have Windows 7 released so don't refer to a beta anymore.
2009-10-23s4-ldbwrap: added re-use of ldb contexts in ldb_wrap_connect()Andrew Tridgell1-2/+2
This allows us to reuse a ldb context if it is open twice, instead of going through the expensive process of a full ldb open. We can reuse it if all of the parameters are the same. The change relies on callers using talloc_unlink() or free of a parent to close a ldb context.
2009-10-23s4-dsdb: create a static system_session contextAndrew Tridgell1-4/+4
This patch adds a system_session cache, preventing us from having to recreate it on every ldb open, and allowing us to detect when the same session is being used in ldb_wrap
2009-10-18s4:sites - get the server site (name) from DSDBMatthias Dieter Wallnöfer1-1/+3
2009-10-18s4:dcerpc_netlogon - unify the two workstation object lookups (DNS hostname ↵Matthias Dieter Wallnöfer1-20/+26
and supported encryption types) This is simply for better performance (no functional change).
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer1-6/+6
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-10-02ds-flags: use the new name DS_DNS_FOREST_ROOTAndrew Tridgell1-1/+1
Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer what this bit means (according to MS-ADTS doc)
2009-09-23s4-netlogon: always set the dNSHostName in GetDomainInfoAndrew Tridgell1-3/+7
This seems to be what w2k8 does
2009-09-23s4-netlogon: make GetDomainInfo response match w2k8Andrew Tridgell1-13/+21
2009-09-19more include minimisationAndrew Tridgell1-6/+0
2009-09-19s4-netlogon: implement dcesrv_netr_DsRAddressToSitenamesExWAndrew Tridgell1-2/+24
We don't implement sites properly at the moment so we just return Default-First-Site-Name
2009-09-16schannel: move schannel_sign to main directory.Günther Deschner1-1/+2
Guenther
2009-09-10s4:netlogon - Put the "supported encryption types" more back in the ↵Matthias Dieter Wallnöfer1-6/+8
"LogonGetDomainInfo" call They're needed only at the end.
2009-09-08Return a correct value for Supported Encryption TypeMatthieu Patou1-1/+6
Vista and upper version use this value to check wether they should ask the DC to change the msDS-SupportedEncryptionTypes attribute or not. Declare the different value as a bitmap in Netlogon idl
2009-09-07s4:LogonGetDomainInfo - add a basic check for the hostnameMatthias Dieter Wallnöfer1-2/+17
This check is specified in Windows Server after release 2003. The parameter "hostname" should match as prefix of the dns hostname given as parameter in the "workstation" structure.
2009-08-27s4-schannel: add ldb suffix to schannel functions.Günther Deschner1-8/+8
Guenther
2009-08-04s4:netlogon Fix warnings and segfault in GetDomainInfo callAndrew Bartlett1-4/+5
- Correctly use samdb_search_string to do a 'base' search (this needs a NULL, not a "" argument for the format string) - There is no need (and it caused a security hole) to use talloc_asprintf() with the only argument being the string to duplicate. Andrew Bartlett
2009-08-03s4: Enhancements in the "netr_LogonGetDomainInformations" callMatthias Dieter Wallnöfer1-65/+194
This addresses bug #4888 and #6596 in SAMBA 4 Bugzilla - It implements the call in the complete form as specified in the MSPP/WSPP docs and on the discussion on the "cifs-protocol" list - Therefore client informations (OS name, OS version, "servicePrincipalName"...) are now saved in the AD each time the client invokes the call
2009-07-31s4: Correct renamed constantsMatthias Dieter Wallnöfer1-4/+4
2009-07-23[SAMBA 4 / NETLOGON] Modify type of SAM contextsMatthias Dieter Wallnöfer1-9/+7
In the SAMBA 4 DCE/RPC NETLOGON server the SAM context references have generally the type "void *". But we know that those context objects are based on the "struct ldb_context" type. We've always to cast for using a SAM/LDB call. This I didn't find very appealing and so I assigned the right (detailed) type to each "sam_ctx". Therefore, the casts could disappear. Also this change is only cosmetic.
2009-07-13libds: share UF_ flags between samba3 and 4.Günther Deschner1-1/+1
Guenther
2009-06-18NETLOGON pipe improvementsMatthias Dieter Wallnöfer1-31/+79
Patch for bug #4939 This refactors the NETLOGON code related to this bug: - Introduces a new "SYNCSTATE" enum required by the "DatabaseSync2" call (acc. to WSPP) - Make "DatabaseSync" dependant from "DatabaseSync2" (acc. to WSPP) - Let "DatabaseSync2" return NT_STATUS_NOT_IMPLEMENTED (I'm not sure if this is also true when a domain is running in mixed mode) - Make "LogonControl" and "LogonControl2" dependant form "LogonControl2Ex" (acc. to WSPP) - Let "LogonControl2Ex" return WERR_NOT_SUPPORTED for now
2009-05-26Don't use crossRef records to find our own domainAndrew Bartlett1-51/+31
A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett
2009-04-14Rework to use new API for common netlogon credential chainingAndrew Bartlett1-12/+18
2009-04-14Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett1-105/+85
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
2009-02-26A simple hack to avoid the segfault in #6138Andrew Bartlett1-1/+1
Thanks to Andrew Kroeger <andrew@id10ts.net> for reporting this. This fix just for the release. A better fix will make it into the master branch soon. Andrew Bartlett
2009-02-24Fix some C++ warningsVolker Lendecke1-11/+22
2009-02-18s4:netlogon: don't mix in and out negotiate_flags in ↵Stefan Metzmacher1-3/+4
dcesrv_netr_ServerAuthenticate() metze
2009-02-16s4:netlogon: implement netr_LogonGetCapabilities with NT_STATUS_NOT_IMPLEMENTEDStefan Metzmacher1-4/+5
This hopefully fixes bug #6109. metze
2009-02-16s4:netlogon: always return correct negotiate_flags in Authenticate[2|3]()Stefan Metzmacher1-1/+31
metze
2009-02-10fixed two problems with the DsRGetDCNameEx2 call, as used byAndrew Tridgell1-3/+9
Win7-beta. The first problem is that we removed the dnsDomain attribute a while back, so we were returning NULL for two fields. We now return the realm. The second problem is that Win7-beta sends the domain in the form the user typed it, so it may be in either the short or long form. We check for the short form and convert if needed.