path: root/source4/rpc_server/netlogon
Age | Commit message | Author | Files | Lines
2009-10-18 | s4:sites - get the server site (name) from DSDB | Matthias Dieter Wallnöfer | 1 | -1/+3
2009-10-18 | s4:dcerpc_netlogon - unify the two workstation object lookups (DNS hostname and supported encryption types) | Matthias Dieter Wallnöfer | 1 | -20/+26
This is simply for better performance (no functional change).
2009-10-14 | s4: Changes the old occurrences of "lp_realm" in "lp_dnsdomain" where needed | Matthias Dieter Wallnöfer | 1 | -6/+6
For KERBEROS applications the realm should be uppercase (function "lp_realm") but for DNS ones it should be used lowercase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-10-02 | ds-flags: use the new name DS_DNS_FOREST_ROOT | Andrew Tridgell | 1 | -1/+1
Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer what this bit means (according to MS-ADTS doc)
2009-09-23 | s4-netlogon: always set the dNSHostName in GetDomainInfo | Andrew Tridgell | 1 | -3/+7
This seems to be what w2k8 does
2009-09-23 | s4-netlogon: make GetDomainInfo response match w2k8 | Andrew Tridgell | 1 | -13/+21
2009-09-19 | more include minimisation | Andrew Tridgell | 1 | -6/+0
2009-09-19 | s4-netlogon: implement dcesrv_netr_DsRAddressToSitenamesExW | Andrew Tridgell | 1 | -2/+24
We don't implement sites properly at the moment so we just return Default-First-Site-Name
2009-09-16 | schannel: move schannel_sign to main directory. | Günther Deschner | 1 | -1/+2
Guenther
2009-09-10 | s4:netlogon - Put the "supported encryption types" more back in the "LogonGetDomainInfo" call | Matthias Dieter Wallnöfer | 1 | -6/+8
They're needed only at the end.
2009-09-08 | Return a correct value for Supported Encryption Type | Matthieu Patou | 1 | -1/+6
Vista and upper version use this value to check whether they should ask the DC to change the msDS-SupportedEncryptionTypes attribute or not. Declare the different value as a bitmap in Netlogon idl
2009-09-07 | s4:LogonGetDomainInfo - add a basic check for the hostname | Matthias Dieter Wallnöfer | 1 | -2/+17
This check is specified in Windows Server after release 2003. The parameter "hostname" should match as prefix of the dns hostname given as parameter in the "workstation" structure.
2009-08-27 | s4-schannel: add ldb suffix to schannel functions. | Günther Deschner | 1 | -8/+8
Guenther
2009-08-04 | s4:netlogon Fix warnings and segfault in GetDomainInfo call | Andrew Bartlett | 1 | -4/+5
- Correctly use samdb_search_string to do a 'base' search (this needs a NULL, not a "" argument for the format string)
- There is no need (and it caused a security hole) to use talloc_asprintf() with the only argument being the string to duplicate.
Andrew Bartlett
2009-08-03 | s4: Enhancements in the "netr_LogonGetDomainInformations" call | Matthias Dieter Wallnöfer | 1 | -65/+194
This addresses bug #4888 and #6596 in SAMBA 4 Bugzilla
- It implements the call in the complete form as specified in the MSPP/WSPP docs and on the discussion on the "cifs-protocol" list
- Therefore client information (OS name, OS version, "servicePrincipalName"...) is now saved in the AD each time the client invokes the call
2009-07-31 | s4: Correct renamed constants | Matthias Dieter Wallnöfer | 1 | -4/+4
2009-07-23 | [SAMBA 4 / NETLOGON] Modify type of SAM contexts | Matthias Dieter Wallnöfer | 1 | -9/+7
In the SAMBA 4 DCE/RPC NETLOGON server the SAM context references have generally the type "void *". But we know that those context objects are based on the "struct ldb_context" type. We've always to cast for using a SAM/LDB call. This I didn't find very appealing and so I assigned the right (detailed) type to each "sam_ctx". Therefore, the casts could disappear. Also this change is only cosmetic.
2009-07-13 | libds: share UF_ flags between samba3 and 4. | Günther Deschner | 1 | -1/+1
Guenther
2009-06-18 | NETLOGON pipe improvements | Matthias Dieter Wallnöfer | 1 | -31/+79
Patch for bug #4939
This refactors the NETLOGON code related to this bug:
- Introduces a new "SYNCSTATE" enum required by the "DatabaseSync2" call (acc. to WSPP)
- Make "DatabaseSync" dependent on "DatabaseSync2" (acc. to WSPP)
- Let "DatabaseSync2" return NT_STATUS_NOT_IMPLEMENTED (I'm not sure if this is also true when a domain is running in mixed mode)
- Make "LogonControl" and "LogonControl2" dependent on "LogonControl2Ex" (acc. to WSPP)
- Let "LogonControl2Ex" return WERR_NOT_SUPPORTED for now
2009-05-26 | Don't use crossRef records to find our own domain | Andrew Bartlett | 1 | -51/+31
A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly.
Andrew Bartlett
2009-04-14 | Rework to use new API for common netlogon credential chaining | Andrew Bartlett | 1 | -12/+18
2009-04-14 | Rework Samba4 to use the new common libcli/auth code | Andrew Bartlett | 1 | -105/+85
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto.
Andrew Bartlett
2009-02-26 | A simple hack to avoid the segfault in #6138 | Andrew Bartlett | 1 | -1/+1
Thanks to Andrew Kroeger <andrew@id10ts.net> for reporting this. This fix just for the release. A better fix will make it into the master branch soon.
Andrew Bartlett
2009-02-24 | Fix some C++ warnings | Volker Lendecke | 1 | -11/+22
2009-02-18 | s4:netlogon: don't mix in and out negotiate_flags in dcesrv_netr_ServerAuthenticate() | Stefan Metzmacher | 1 | -3/+4
metze
2009-02-16 | s4:netlogon: implement netr_LogonGetCapabilities with NT_STATUS_NOT_IMPLEMENTED | Stefan Metzmacher | 1 | -4/+5
This hopefully fixes bug #6109.
metze
2009-02-16 | s4:netlogon: always return correct negotiate_flags in Authenticate[2|3]() | Stefan Metzmacher | 1 | -1/+31
metze
2009-02-10 | fixed two problems with the DsRGetDCNameEx2 call, as used by Win7-beta. | Andrew Tridgell | 1 | -3/+9
The first problem is that we removed the dnsDomain attribute a while back, so we were returning NULL for two fields. We now return the realm. The second problem is that Win7-beta sends the domain in the form the user typed it, so it may be in either the short or long form. We check for the short form and convert if needed.
2009-02-02 | s4:rpc_server: s/private/private_data | Stefan Metzmacher | 1 | -4/+4
metze
2008-12-29 | s4:lib/tevent: rename structs | Stefan Metzmacher | 1 | -1/+1
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
    o=`echo $s | cut -d ':' -f1`
    n=`echo $s | cut -d ':' -f2`
    r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
    files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
    for f in $files; do
        cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
        mv $f.tmp $f
    done
done
metze
2008-12-10 | s4-netlogon: fix the build of netlogon server. | Günther Deschner | 1 | -4/+4
Guenther
2008-12-04 | s4:netlogon: for now implement netr_GetAnyDCName() as wrapper of netr_GetDcName() | Stefan Metzmacher | 1 | -1/+12
metze
2008-12-04 | s4:netlogon: Implement netr_GetDcName() similar to netr_DsGetDCName() | Stefan Metzmacher | 1 | -1/+34
metze
2008-10-29 | s4-netlogon: merge netr_ServerPasswordSet2 from s3 idl. | Günther Deschner | 1 | -3/+3
Guenther
2008-10-29 | s4-netlogon: merge netr_ServerPasswordSet from s3 idl. | Günther Deschner | 1 | -3/+3
Guenther
2008-10-29 | s4-netlogon: merge netr_ServerReqChallenge from s3 idl. | Günther Deschner | 1 | -2/+2
Guenther
2008-10-29 | s4-netlogon: merge netr_ServerAuthenticate{2,3} from s3 idl. | Günther Deschner | 1 | -4/+4
Guenther
2008-10-29 | s4-netlogon: merge netr_LogonSamLogon{Ex,WithFlags} from s3 idl. | Günther Deschner | 1 | -37/+39
Guenther
2008-10-29 | s4-netlogon: merge netr_LogonGetDomainInfo from s3 idl. | Günther Deschner | 1 | -1/+1
Guenther
2008-10-29 | s4-netlogon: merge netr_DsRGetDCName{Ex,Ex2} from s3 idl. | Günther Deschner | 1 | -25/+23
Guenther
2008-10-28 | s4-netlogon: merge netr_DsrEnumerateDomainTrusts from s3 idl. | Günther Deschner | 1 | -12/+16
Guenther
2008-10-16 | Create a 'straight paper path' for UTF16 passwords. | Andrew Bartlett | 1 | -15/+12
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegedly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs.
All layers in the process now deal with the strings as length-limited inputs, including the krb5 string2key calls.
This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled.
The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack.
Andrew Bartlett
2008-10-11 | Fix include paths to new location of libutil. | Jelmer Vernooij | 1 | -1/+1
2008-10-06 | Start implementing AD-style trusted domains in Samba4's NETLOGON server | Andrew Bartlett | 1 | -2/+50
2008-10-05 | remove dependencies on my home domain | Andrew Tridgell | 1 | -2/+3
(in other words, don't do commits in airports)
2008-10-05 | removed some debug lines I left in the last commit | Andrew Tridgell | 1 | -4/+0
2008-10-03 | updated the LSA and NETLOGON servers with fixes resulting from the AD plugfest in Redmond | Andrew Tridgell | 1 | -6/+38
2008-09-22 | Remove unused parameter from decode_pw_buffer and fail on invalid UTF-16 input | Andrew Bartlett | 1 | -2/+1
The input checking is important, as otherwise we could set the wrong password.
Andrew Bartlett
2008-09-05 | Update copyright, I've been working here many long years... | Andrew Bartlett | 1 | -1/+1
(This used to be commit 842ab594124198453fc88f46ab83b712a7d34dc1)
2008-09-03 | Implement NETLOGON PAC verification on the server-side | Andrew Bartlett | 1 | -31/+29
This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)