summaryrefslogtreecommitdiff
path: root/source3/libnet
AgeCommit message (Collapse)AuthorFilesLines
2015-07-09net: fix the order of DC lookup methods when joining a domainUri Simchoni1-1/+8
The dsgetdcname() function is able to try just DNS lookup, just NetBIOS, or start with DNS and fall back to NetBIOS. For "net ads join", we know most of the time whether the name of the domain we're joining is a DNS name or a NetBIOS name. In that case, it makes no sense to try both lookup methods, especially that DNS may fail and we want to fall back from site-aware DNS lookup to site-less DNS lookup, with no NetBIOS lookup in between. This change lets "net ads join" tell libnet what is the type of the domain name, if it is known. Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-15Convert uint64 to uint64_tRichard Sharpe2-4/+4
We seemed to have very few uses of that. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-13Convert uint32/16/8 to _t in source3/libnet.Richard Sharpe2-9/+9
Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-20s3:libnet: remove unused variablesStefan Metzmacher1-16/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2015-03-12s3:libnet: use cli_credentials based functions in libnet_join_ok()Stefan Metzmacher1-40/+25
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2015-01-08allow net ads join accept new osServicePack parameterNoel Power1-2/+13
osServicePack paramater allows the default behaviour ( which is to use the samba version string as the operatingSystemServicePack attribute ) to be overridden Additionally make sure if blank string is passed that it is treated as attribute deletion. This is necessary as values for the os attributes are eventually passed to ads_modlist_add if the value is "" then the attempt to add this attribute fails in the underlying ldap 'ldap_modfiy_ext_s' function. In this case we need to pass NULL as the value to force deletion of the ldap attribute Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jan 8 00:18:05 CET 2015 on sn-devel-104
2014-12-11auth: Allow domain join to itself when we are a PDCAndrew Bartlett1-1/+3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2014-12-11netapi: Move DC check to NetJoinDomain() where it is needed.Andrew Bartlett1-4/+0
This partially reverts 15f6e27bd5a9065c8b781fa21f5989ce2c355776. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10891 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2014-11-17samba: pass down size_t instead of int to add_string_to_array().Günther Deschner1-2/+2
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Mon Nov 17 19:53:22 CET 2014 on sn-devel-104
2014-10-08s3-winbindd: Attempt to connect to NETLOGON over NCACN_IP_TCP if we canAndrew Bartlett1-2/+2
This is very helpful in the trusted domain situation, as we may not have a two-way trust but we can use our domain trust account to set up a connection to NETLOGON Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Oct 8 12:48:15 CEST 2014 on sn-devel-104
2014-09-26s3-libnet: set list of allowed krb5 encryption types in AD >= 2008.Günther Deschner1-0/+65
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-09-26s3-libnet: Make sure we do not overwrite precreated SPNs.Günther Deschner1-3/+36
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984 Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Sep 26 08:22:45 CEST 2014 on sn-devel-104
2014-09-26s3-libnet: Add libnet_join_get_machine_spns().Andreas Schneider1-0/+20
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9984 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
2014-07-07idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfoSamuel Cabrero1-1/+20
Signed-off-by: Samuel Cabrero <scabrero@zentyal.com> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
2014-07-02s3-libnet: Improve error message.Andreas Schneider1-1/+3
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jul 2 16:54:10 CEST 2014 on sn-devel-104
2014-03-07s3-kerberos: remove unused kdc_name from ↵Günther Deschner1-2/+1
create_local_private_krb5_conf_for_domain(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Fri Mar 7 18:43:57 CET 2014 on sn-devel-104
2014-02-07param: rename lp function and variable from "adduser_script" to ↵Garming Sam2-2/+2
"add_user_script" Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-02-07param: rename lp function and variable from "addmachine_script" to ↵Garming Sam2-2/+2
"add_machine_script" Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2014-01-07s3:libnet: pass in struct netlogon_creds_cli_context from the caller.Stefan Metzmacher2-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07s3:libnet: use rpccli_{create,setup}_netlogon_creds() in ↵Stefan Metzmacher1-15/+51
libnet_join_joindomain_rpc_unsecure Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07s3:libnet_join: make use of rpccli_{create,setup}_netlogon_creds()Stefan Metzmacher2-32/+83
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07s3:rpc_client: use netlogon_creds_cli_auth_level() in ↵Stefan Metzmacher1-1/+0
cli_rpc_pipe_open_schannel_with_key() This means the auth level is now based on the "winbindd sealed pipes" option, defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-01-07s3:rpc_client: make use of the new netlogon_creds_cli_contextStefan Metzmacher2-4/+18
This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds and lets the secure channel session state be stored in node local database. This is the proper fix for a large number of bugs: https://bugzilla.samba.org/show_bug.cgi?id=6563 https://bugzilla.samba.org/show_bug.cgi?id=7944 https://bugzilla.samba.org/show_bug.cgi?id=7945 https://bugzilla.samba.org/show_bug.cgi?id=7568 https://bugzilla.samba.org/show_bug.cgi?id=8599 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-12-09CVE-2013-4408:s3:Ensure LookupNames replies arrays are range checked.Jeremy Allison1-0/+16
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
2013-11-15s3-libnet: Use a const char for realm.Andreas Schneider1-1/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 15 23:11:54 CET 2013 on sn-devel-104
2013-11-12s3-libnetjoin: Fix Bug #10262: use upper-case realm when composing default upn.Günther Deschner1-1/+16
In case we are about to generate a keytab during the join make sure the default upn we create is usable with kinit -k. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10262 Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Nov 12 16:39:03 CET 2013 on sn-devel-104
2013-08-10s3:libnet_join: try to use NETLOGON_NEG_SUPPORTS_AESStefan Metzmacher1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-05s3:libnet: let the caller truncate the pw in ↵Stefan Metzmacher1-14/+1
libnet_join_joindomain_rpc_unsecure() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05s3-libnetjoin: add machine_name length check.Günther Deschner1-0/+9
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05s3: libnet_join: use admin_domain in libnetjoin.Günther Deschner1-1/+26
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05s3-rpc_cli: pass down ndr_interface_table to cli_rpc_pipe_open_noauth().Günther Deschner1-4/+4
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05s3-rpc_cli: pass down ndr_interface_table to ↵Günther Deschner1-1/+1
cli_rpc_pipe_open_schannel_with_key(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-03-06Make sure to set umask() before calling mkstemp().Andreas Schneider1-2/+28
Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Mar 6 01:16:34 CET 2013 on sn-devel-104
2013-03-05s3:libnet increase timeout for machine password changeChristian Ambach1-0/+9
DCs might run password filter modules that can delay the setting of the machine password for a significant amount of time use the same timeout as in the other paths of domain join (e.g. rpccli_netlogon_set_trust_password) Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-02-27Make sure that domain joins work correctly when the DC disallows NTLM auth.Richard Sharpe2-4/+13
Signed-Off-By: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-By: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Feb 27 21:49:25 CET 2013 on sn-devel-104
2013-02-19s3:libnet: make use of samba_tevent_context_init()Stefan Metzmacher1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-04s3: use generate_random_password() instead of generate_random_str()Stefan Metzmacher1-2/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-08-09Correctly check for errors in strlower_m() returns.Jeremy Allison1-4/+14
2012-08-09Check error returns from strupper_m() (in all reasonable places).Jeremy Allison1-2/+7
2012-08-01s3:libnet_join: make use of cli_get_session_key() in ↵Stefan Metzmacher1-2/+12
libnet_join_joindomain_rpc() metze
2012-07-24lib/param: Move all enum declarations to lib/paramAndrew Bartlett1-0/+1
This is in preperation for the parameter table being made common. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-07-18loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.Rusty Russell3-24/+24
They use talloc_tos() internally: hoist that up to the callers, some of whom don't want to us talloc_tos(). A simple patch, but hits a lot of files. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-05-30build: Provide .pc file for libnetapiAndrew Bartlett1-0/+11
This is not the exact same file as the autoconf build, because of the differnet processing semantics. Andrew Bartlett
2012-05-28s3:libsmb: get rid of cli_state_remote_nameLuk Claes1-3/+3
Signed-off-by: Luk Claes <luk@debian.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-28s3:libsmb: get rid of cli_state_*_sockaddrLuk Claes1-1/+2
Signed-off-by: Luk Claes <luk@debian.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-03-04s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett1-1/+0
This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04s3: don't replace the error message if already definedMatthieu Patou1-3/+5
Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Sun Mar 4 10:13:24 CET 2012 on sn-devel-104
2011-12-12s3: Remove a bunch of calls to procid_self()Volker Lendecke1-2/+1
All callers to messaging_[re]init only used procid_self()
2011-11-16s3-passdb: split out passdb/pdb_ldap_schema.cGünther Deschner1-1/+1
Guenther
2011-11-03s3:libnet: s/Undefined/SMB_SIGNING_DEFAULT/Stefan Metzmacher1-3/+3
metze
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-19 11:21:12 +0000