path: root/source4/rpc_server/netlogon
Age | Commit message | Author | Files | Lines
2009-08-27 | s4-schannel: add ldb suffix to schannel functions. | Günther Deschner | 1 | -8/+8
Guenther
2009-08-04 | s4:netlogon Fix warnings and segfault in GetDomainInfo call | Andrew Bartlett | 1 | -4/+5
- Correctly use samdb_search_string to do a 'base' search (this needs a NULL, not a "" argument for the format string)
- There is no need (and it caused a security hole) to use talloc_asprintf() with the only argument being the string to duplicate.
Andrew Bartlett
2009-08-03 | s4: Enhancements in the "netr_LogonGetDomainInformations" call | Matthias Dieter Wallnöfer | 1 | -65/+194
This addresses bug #4888 and #6596 in SAMBA 4 Bugzilla
- It implements the call in the complete form as specified in the MSPP/WSPP docs and on the discussion on the "cifs-protocol" list
- Therefore client information (OS name, OS version, "servicePrincipalName"...) is now saved in the AD each time the client invokes the call
2009-07-31 | s4: Correct renamed constants | Matthias Dieter Wallnöfer | 1 | -4/+4
2009-07-23 | [SAMBA 4 / NETLOGON] Modify type of SAM contexts | Matthias Dieter Wallnöfer | 1 | -9/+7
In the SAMBA 4 DCE/RPC NETLOGON server the SAM context references have generally the type "void *". But we know that those context objects are based on the "struct ldb_context" type. We've always to cast for using a SAM/LDB call. This I didn't find very appealing and so I assigned the right (detailed) type to each "sam_ctx". Therefore, the casts could disappear. Also this change is only cosmetic.
2009-07-13 | libds: share UF_ flags between samba3 and 4. | Günther Deschner | 1 | -1/+1
Guenther
2009-06-18 | NETLOGON pipe improvements | Matthias Dieter Wallnöfer | 1 | -31/+79
Patch for bug #4939
This refactors the NETLOGON code related to this bug:
- Introduces a new "SYNCSTATE" enum required by the "DatabaseSync2" call (acc. to WSPP)
- Make "DatabaseSync" dependent on "DatabaseSync2" (acc. to WSPP)
- Let "DatabaseSync2" return NT_STATUS_NOT_IMPLEMENTED (I'm not sure if this is also true when a domain is running in mixed mode)
- Make "LogonControl" and "LogonControl2" dependent on "LogonControl2Ex" (acc. to WSPP)
- Let "LogonControl2Ex" return WERR_NOT_SUPPORTED for now
2009-05-26 | Don't use crossRef records to find our own domain | Andrew Bartlett | 1 | -51/+31
A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() work correctly. Andrew Bartlett
2009-04-14 | Rework to use new API for common netlogon credential chaining | Andrew Bartlett | 1 | -12/+18
2009-04-14 | Rework Samba4 to use the new common libcli/auth code | Andrew Bartlett | 1 | -105/+85
In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
2009-02-26 | A simple hack to avoid the segfault in #6138 | Andrew Bartlett | 1 | -1/+1
Thanks to Andrew Kroeger <andrew@id10ts.net> for reporting this. This fix is just for the release. A better fix will make it into the master branch soon. Andrew Bartlett
2009-02-24 | Fix some C++ warnings | Volker Lendecke | 1 | -11/+22
2009-02-18 | s4:netlogon: don't mix in and out negotiate_flags in dcesrv_netr_ServerAuthenticate() | Stefan Metzmacher | 1 | -3/+4
metze
2009-02-16 | s4:netlogon: implement netr_LogonGetCapabilities with NT_STATUS_NOT_IMPLEMENTED | Stefan Metzmacher | 1 | -4/+5
This hopefully fixes bug #6109. metze
2009-02-16 | s4:netlogon: always return correct negotiate_flags in Authenticate[2|3]() | Stefan Metzmacher | 1 | -1/+31
metze
2009-02-10 | fixed two problems with the DsRGetDCNameEx2 call, as used by | Andrew Tridgell | 1 | -3/+9
Win7-beta. The first problem is that we removed the dnsDomain attribute a while back, so we were returning NULL for two fields. We now return the realm. The second problem is that Win7-beta sends the domain in the form the user typed it, so it may be in either the short or long form. We check for the short form and convert if needed.
2009-02-02 | s4:rpc_server: s/private/private_data | Stefan Metzmacher | 1 | -4/+4
metze
2008-12-29 | s4:lib/tevent: rename structs | Stefan Metzmacher | 1 | -1/+1
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
    o=`echo $s | cut -d ':' -f1`
    n=`echo $s | cut -d ':' -f2`
    r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
    files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
    for f in $files; do
        cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
        mv $f.tmp $f
    done
done
metze
2008-12-10 | s4-netlogon: fix the build of netlogon server. | Günther Deschner | 1 | -4/+4
Guenther
2008-12-04 | s4:netlogon: for now implement netr_GetAnyDCName() as wrapper of netr_GetDcName() | Stefan Metzmacher | 1 | -1/+12
metze
2008-12-04 | s4:netlogon: Implement netr_GetDcName() similar to netr_DsGetDCName() | Stefan Metzmacher | 1 | -1/+34
metze
2008-10-29 | s4-netlogon: merge netr_ServerPasswordSet2 from s3 idl. | Günther Deschner | 1 | -3/+3
Guenther
2008-10-29 | s4-netlogon: merge netr_ServerPasswordSet from s3 idl. | Günther Deschner | 1 | -3/+3
Guenther
2008-10-29 | s4-netlogon: merge netr_ServerReqChallenge from s3 idl. | Günther Deschner | 1 | -2/+2
Guenther
2008-10-29 | s4-netlogon: merge netr_ServerAuthenticate{2,3} from s3 idl. | Günther Deschner | 1 | -4/+4
Guenther
2008-10-29 | s4-netlogon: merge netr_LogonSamLogon{Ex,WithFlags} from s3 idl. | Günther Deschner | 1 | -37/+39
Guenther
2008-10-29 | s4-netlogon: merge netr_LogonGetDomainInfo from s3 idl. | Günther Deschner | 1 | -1/+1
Guenther
2008-10-29 | s4-netlogon: merge netr_DsRGetDCName{Ex,Ex2} from s3 idl. | Günther Deschner | 1 | -25/+23
Guenther
2008-10-28 | s4-netlogon: merge netr_DsrEnumerateDomainTrusts from s3 idl. | Günther Deschner | 1 | -12/+16
Guenther
2008-10-16 | Create a 'straight paper path' for UTF16 passwords. | Andrew Bartlett | 1 | -15/+12
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegedly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, including the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-11 | Fix include paths to new location of libutil. | Jelmer Vernooij | 1 | -1/+1
2008-10-06 | Start implementing AD-style trusted domains in Samba4's NETLOGON server | Andrew Bartlett | 1 | -2/+50
2008-10-05 | remove dependencies on my home domain | Andrew Tridgell | 1 | -2/+3
(in other words, don't do commits in airports)
2008-10-05 | removed some debug lines I left in the last commit | Andrew Tridgell | 1 | -4/+0
2008-10-03 | updated the LSA and NETLOGON servers with fixes resulting from the AD | Andrew Tridgell | 1 | -6/+38
plugfest in Redmond
2008-09-22 | Remove unused parameter from decode_pw_buffer and fail on invalid | Andrew Bartlett | 1 | -2/+1
UTF-16 input The input checking is important, as otherwise we could set the wrong password. Andrew Bartlett
2008-09-05 | Update copyright, I've been working here many long years... | Andrew Bartlett | 1 | -1/+1
(This used to be commit 842ab594124198453fc88f46ab83b712a7d34dc1)
2008-09-03 | Implement NETLOGON PAC verification on the server-side | Andrew Bartlett | 1 | -31/+29
This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon. Andrew Bartlett (This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
2008-08-29 | Start implementing the server-side NETLOGON PAC verification. | Andrew Bartlett | 1 | -1/+46
(This used to be commit 8741e8fee619cccd84f2f10e00426df1d4f34074)
2008-08-12 | Add GenericInfo level for SamLogon calls from the WSPP IDL. | Andrew Bartlett | 1 | -5/+13
Andrew Bartlett (This used to be commit ea58b650a81b48b0477edbcda1e4e26a3b2a9b9e)
2008-04-17 | Specify event_context to ldb_wrap_connect explicitly. | Jelmer Vernooij | 1 | -14/+15
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-02-28 | Generate ACB_PW_EXPIRED correctly | Andrew Bartlett | 1 | -10/+12
More correctly handle expired passwords, and do not expire machine accounts. Test that the behaviour is consistent with Windows, using the RPC-SAMR test. Change NETLOGON to directly query the userAccountControl, just because we don't want to do the extra expiry processing here. Andrew Bartlett (This used to be commit acda1f69bc9b9c43e157e254d0bae54d11363661)
2008-01-25 | Fix netlogon rpc-server build. | Günther Deschner | 1 | -4/+4
Guenther (This used to be commit 7a10be2ac77124a78fcc4ddda5e05c036ed920fa)
2008-01-25 | Fix netlogon rpc-server build. | Günther Deschner | 1 | -4/+4
Guenther (This used to be commit 31980e03faedaa44317f64d940c458d38a103627)
2008-01-11 | Return 'not implemented' on more RPCs. (easy way to 'pass' the | Andrew Bartlett | 1 | -2/+7
torture test, as I see little reason to implement these RPCs). Add information regarding the importance of the LogonGetDomainInfo calls Andrew Bartlett (This used to be commit 9cd3a76c25019f4d8d7b41d75e1f7efb4475e86a)
2007-12-24 | r26558: Add IDL for netr_GetForestTrustInformation(). | Günther Deschner | 1 | -4/+4
Guenther (This used to be commit 7aa34b48795d303ba600f34a4b1bc916007aee44)
2007-12-21 | r26357: Add separate subsystem for auth_sam_reply parsing. | Jelmer Vernooij | 1 | -1/+1
(This used to be commit 2d61e7c96e249d7031b709e9f727626a78e435f1)
2007-12-21 | r26313: Fix more uses of static loadparm. | Jelmer Vernooij | 1 | -2/+2
(This used to be commit 6fd0d9d3b75546d08c24c513e05b1843d5777608)
2007-12-21 | r26310: Remove more uses of global_loadparm. | Jelmer Vernooij | 1 | -6/+12
(This used to be commit 9d806da113b5f0688b6193dfdee9b8765e18b38f)
2007-12-21 | r26298: Use metze's schema loading code to pre-initialise the schema into the | Andrew Bartlett | 1 | -3/+8
samdb before we start writing entries into it. In doing so, I realised we still used 'dnsDomain', which is not part of the standard schema (now removed). We also set the 'wrong' side of the linked attributes for the masteredBy on each partition - this is now set in provision_self_join and backlinks via the linked attributes code. When we have the schema loaded, we must also have a valid domain SID loaded, so that the objectclass module works. This required some ejs glue. Andrew Bartlett (This used to be commit b0de08916e8cb59ce6a2ea94bbc9ac0679830ac1)