summaryrefslogtreecommitdiff
path: root/source4/rpc_server/netlogon
AgeCommit message (Collapse)AuthorFilesLines
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-15/+12
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-10-06Start implementing AD-style trusted domains in Samba4's NETLOGON serverAndrew Bartlett1-2/+50
2008-10-05remove dependencies on my home domainAndrew Tridgell1-2/+3
(in other words, don't do commits in airports)
2008-10-05removed some debug lines I left in the last commitAndrew Tridgell1-4/+0
2008-10-03updated the LSA and NETLOGON servers with fixes resulting from the ADAndrew Tridgell1-6/+38
plugfest in Redmond
2008-09-22Remove unused parameter from decode_pw_buffer and fail on invalidAndrew Bartlett1-2/+1
UTF-16 input The input checking is important, as otherwise we could set the wrong password. Andrew Bartlett
2008-09-05Update copyright, I've been working here many long years...Andrew Bartlett1-1/+1
(This used to be commit 842ab594124198453fc88f46ab83b712a7d34dc1)
2008-09-03Implement NETLOGON PAC verfication on the server-sideAndrew Bartlett1-31/+29
This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon. Andrew Bartlett (This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
2008-08-29Start implementing the server-sde NETLOGON PAC verification.Andrew Bartlett1-1/+46
(This used to be commit 8741e8fee619cccd84f2f10e00426df1d4f34074)
2008-08-12Add GenericInfo level for SamLogon calls from the WSPP IDL.Andrew Bartlett1-5/+13
Andrew Bartlett (This used to be commit ea58b650a81b48b0477edbcda1e4e26a3b2a9b9e)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-14/+15
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-02-28Generate ACB_PW_EXPIRED correctlyAndrew Bartlett1-10/+12
More correctly handle expired passwords, and do not expire machine accounts. Test that the behaviour is consistant with windows, using the RPC-SAMR test. Change NETLOGON to directly query the userAccountControl, just because we don't want to do the extra expiry processing here. Andrew Bartlett (This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
2008-01-25Fix netlogon rpc-server build.Günther Deschner1-4/+4
Guenther (This used to be commit 7a10be2ac77124a78fcc4ddda5e05c036ed920fa)
2008-01-25Fix netlogon rpc-server build.Günther Deschner1-4/+4
Guenther (This used to be commit 31980e03faedaa44317f64d940c458d38a103627)
2008-01-11Return 'not implemented' on more RPCs. (easy way to 'pass' theAndrew Bartlett1-2/+7
torture test, as I see little reason to implement these RPCs). Add information regarding the importance of the LogonGetDomainInfo calls Andrew Bartlett (This used to be commit 9cd3a76c25019f4d8d7b41d75e1f7efb4475e86a)
2007-12-24r26558: Add IDL for netr_GetForestTrustInformation().Günther Deschner1-4/+4
Guenther (This used to be commit 7aa34b48795d303ba600f34a4b1bc916007aee44)
2007-12-21r26357: Add separate subsystem for auth_sam_reply parsing.Jelmer Vernooij1-1/+1
(This used to be commit 2d61e7c96e249d7031b709e9f727626a78e435f1)
2007-12-21r26313: Fix more uses of static loadparm.Jelmer Vernooij1-2/+2
(This used to be commit 6fd0d9d3b75546d08c24c513e05b1843d5777608)
2007-12-21r26310: Remove more uses of global_loadparm.Jelmer Vernooij1-6/+12
(This used to be commit 9d806da113b5f0688b6193dfdee9b8765e18b38f)
2007-12-21r26298: Use metze's schema loading code to pre-initialise the schema into theAndrew Bartlett1-3/+8
samdb before we start writing entries into it. In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett (This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1)
2007-12-21r26296: Store loadparm context in DCE/RPC server context.Jelmer Vernooij1-14/+14
(This used to be commit fc1f4d2d65d4c983cba5421e7ffb64dd75482860)
2007-12-21r26286: IDL and torture test for netr_ServerTrustPasswordsGet().Günther Deschner1-4/+4
Guenther (This used to be commit 231fe8826b7d8b0f4307ffbb3cd71b4c7723a290)
2007-12-21r26285: Add IDL and torture test for netr_ServerPasswordGet().Günther Deschner1-4/+4
Guenther (This used to be commit d64244cfe871cd549a991ac2a708263fc77d2fef)
2007-12-21r26273: Add IDL and torture test for netr_NetrEnumerateTurstedDomains() andGünther Deschner1-7/+7
netr_NetrEnumerateTurstedDomainsEx(). Guenther (This used to be commit 32a189e85026f5b54f82df88306005d9a9f50beb)
2007-12-21r26252: Specify loadparm_context explicitly when creating sessions.Jelmer Vernooij1-3/+3
(This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede)
2007-12-21r26234: More global_loadparm fixes.Jelmer Vernooij1-2/+2
(This used to be commit 84892d030de6266fc0f3a699cade960dd5dc37bc)
2007-12-21r26228: Store loadparm context in auth context, move more loadparm_contexts ↵Jelmer Vernooij1-1/+1
up the call stack. (This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166)
2007-12-21r26227: Make loadparm_context part of a server task, move loadparm_contexts ↵Jelmer Vernooij1-6/+6
further up the call stack. (This used to be commit 0721a07aada6a1fae6dcbd610b8783df57d7bbad)
2007-12-21r26221: Add loadparm_context parameter to auth_context_create.Jelmer Vernooij1-0/+2
(This used to be commit a9a9634df8f3137ecb308adb90a755f12af94972)
2007-12-21r26003: Split up DB_WRAP, as first step in an attempt to sanitize dependencies.Jelmer Vernooij1-1/+1
(This used to be commit 56dfcb4f2f8e74c9d8b2fe3a0df043781188a555)
2007-12-21r25896: Rename netlogon server stubs.Günther Deschner1-6/+6
Guenther (This used to be commit 2f8b8c046010c54d708a8e109b78fbd6e1958f40)
2007-10-10r25553: Convert to standard bool type.Jelmer Vernooij1-8/+8
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-5/+8
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r24611: Following up on the re-opening of bug 4817 is it pretty clear thatAndrew Bartlett1-2/+0
machine accounts are not subject to password policy in Win2k3 R2 (at least in terms of password quality). In testing this, I found that Win2k3 R2 has changed the way the old ChangePassword RPC call is handled - the 'cross-checks' between new LM and NT passwords are not required. Andrew Bartlett (This used to be commit 417ea885b41cc097a0bb3a10ffbffb31f234f25d)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23680: Make it easier to setup a domain member server - the 'server role'Andrew Bartlett1-2/+2
will now control the auth methods, but an override is still available, ex: auth methods:domain controller = <methods> Andrew Bartlett (This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae)
2007-10-10r23384: Fill in NETLOGON netr_DsRGetForestTrustInformation().Günther Deschner1-3/+3
Guenther (This used to be commit 82477b311e2a7a51906d0c00d8714f545b12b0bd)
2007-10-10r23381: Merge netr_GetDcName WERROR return and ↵Günther Deschner1-1/+1
WERROR_DOMAIN_CONTROLLER_NOT_FOUND from SAMBA_3_0. Guenther (This used to be commit 841ad140a34648ff52d5e44a6642f346ef9eee02)
2007-10-10r23240: Fill in netr_DsrGetDcSiteCoverageW.Günther Deschner1-3/+3
Guenther (This used to be commit 9c2b9642336ed954c8f9fc0ccce95547d7c18aa8)
2007-10-10r23129: Merge from 3_0:Günther Deschner1-2/+12
* netr_DsRGetDCName_flags, netr_DsRGetDCNameInfo_AddressType and netr_DsR_DcFlags * the mask in netr_DsRGetDCNameEx2 turns out to be samr_AcctFlags Guenther (This used to be commit 9cdd6d9782a7a70f01d748228beb80c454d1468b)
2007-10-10r21362: rename:Stefan Metzmacher1-2/+2
"ntPwdHash" => "unicodePwd" "lmPwdHash" => "dBCSPwd" "sambaLMPwdHistory" => "lmPwdHistory" "sambaNTPwdHistory" => "ntPwdHistory" Note: you need to reprovision after this change! metze (This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
2007-10-10r20850: Prefix all server calls with dcesrv_Jelmer Vernooij1-60/+60
(This used to be commit 76c78b0339cd88c61a13745f7f4e037f400db21b)
2007-10-10r19832: better prototypes for the linearization functions:Simo Sorce1-2/+2
- ldb_dn_get_linearized returns a const string - ldb_dn_alloc_linearized allocs astring with the linearized dn (This used to be commit 3929c086d5d0b3f08b1c4f2f3f9602c3f4a9a4bd)
2007-10-10r19831: Big ldb_dn optimization and interfaces enhancement patchSimo Sorce1-2/+2
This patch changes a lot of the code in ldb_dn.c, and also removes and add a number of manipulation functions around. The aim is to avoid validating a dn if not necessary as the validation code is necessarily slow. This is mainly to speed up internal operations where input is not user generated and so we can assume the DNs need no validation. The code is designed to keep the data as a string if possible. The code is not yet 100% perfect, but pass all the tests so far. A memleak is certainly present, I'll work on that next. Simo. (This used to be commit a580c871d3784602a9cce32d33419e63c8236e63)
2007-10-10r17991: Implement a few more calls (with not implemented :-).Andrew Bartlett1-36/+21
Remove references to dnsDomain, replace with references to dnsRoot Andrew Bartlett (This used to be commit e09dd33379c79982dffadd69d7a4e9e24be7c248)
2007-10-10r17956: LSA Cleanup!Andrew Bartlett1-2/+6
This commit cleans up a number of aspects of the LSA interface. Firstly, we do 2 simple searches on opening the LSA policy, to obtain the basic information we need. This also avoids us searching for dnsDomain (an invented attribute). While I was at it, I added and tested new LSA calls, including the enumTrustedDomainsEx call. I have also merged the identical structures lsa_DomainInformation and lsa_DomainList. Also in this commit: Fix netlogon use of uninitialised variables. Andrew Bartlett (This used to be commit 3f3fa7f466df56612064029143fbae8effb668aa)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell1-2/+2
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17823: get rid of most of the samdb_base_dn() calls, as they are no longerAndrew Tridgell1-4/+4
needed in searches (This used to be commit a5ea749f0ac63bf495a55ee8d9d002208ab93572)