summaryrefslogtreecommitdiff
path: root/source4/libnet
AgeCommit message (Collapse)AuthorFilesLines
2025-08-13libads: change netlogon_pings() behaviour wrt to min_servers parameterRalph Boehme1-1/+1
Currently if a caller passes min_servers=X with X>1, netlogon_pings() will fail if it can't contact X DCs. This is not really what we want. What we want is: we want at least one DC, and up to X. Change implemenentation in that sense and rename the min_servers argument to wanted_servers to express this behaviour change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Aug 13 19:31:10 UTC 2025 on atb-devel-224
2025-05-19s4:libnet: pass an explicit talloc parent to libnet_context_init()Stefan Metzmacher2-6/+9
We should not implicitly use the tevent_context as talloc parent. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-02-11libnet4: free tevent request even on errorBjörn Baumbach1-1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15798 Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Björn Baumbach <bb@sernet.de> Autobuild-Date(master): Tue Feb 11 11:05:37 UTC 2025 on atb-devel-224
2025-02-08libnet4: check return value of DC lookupBjörn Baumbach1-0/+3
Avoids possible segmentation fault when the lookup fails. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15798 Pair-programmed-with: Volker Lendecke <vl@samba.org> Signed-off-by: Volker Lendecke <vl@samba.org> Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Sat Feb 8 03:30:27 UTC 2025 on atb-devel-224
2024-11-14libnet: Fix Coverity ID 1634803 Dereference after null checkVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Nov 14 18:29:46 UTC 2024 on atb-devel-224
2024-11-11libnet: Simplify becomeDCVolker Lendecke1-1/+1
Checking for "" does not need a call to strcmp Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11libnet4: Use netlogon_pings() in finddcs_cldapVolker Lendecke2-0/+3
Enable LDAPS lookups Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11libnet4: Use netlogon_pings() in unbecome_dcVolker Lendecke1-21/+31
Enable LDAPS lookups Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11libnet4: Use netlogon_pings() in become_dcVolker Lendecke1-23/+28
Allow LDAPS netlogon pings Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11libnet4: Use netlogon_pings() in findsiteVolker Lendecke2-40/+37
Enable LDAPS lookups Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11libnet: Initialize variables in libnet_FindSite()Volker Lendecke1-5/+5
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11libnet: Simplify error return in libnet_FindSite()Volker Lendecke1-14/+13
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11libnet: Save a few lines with talloc_move()Volker Lendecke1-8/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11param: Remove parameter "cldap port"Volker Lendecke4-14/+6
This was not used consistently across all of our code base, and I don't see a reason why this should ever not be port 389. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11cldap: Make finddcs.out.netlogon a pointerVolker Lendecke2-3/+5
struct netlogon_samlogon_response has subpointers, this patch enables a proper talloc hierarchy. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11cldap: Make cldap_netlogon.out.netlogon a pointerVolker Lendecke3-10/+13
struct netlogon_samlogon_response has subpointers, this patch enables a proper talloc hierarchy. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11libnet4: Call map_netlogon_samlogon_response directlyVolker Lendecke1-1/+2
Avoid using a boolean flag passed down Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11libnet4: Call map_netlogon_samlogon_response directlyVolker Lendecke1-1/+2
Avoid using a boolean flag passed down Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-11libnet4: Call map_netlogon_samlogon_response directlyVolker Lendecke1-1/+3
Avoid using a boolean flag passed down Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-06s4: s/the the\b/the/ in miscellaneous commentsDouglas Bagnall1-1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org>
2024-09-26s4:libnet: make use of dcerpc_binding_handle_get_transport()Stefan Metzmacher1-1/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26s4:libnet: make use of dcerpc_binding_handle_get_binding()Stefan Metzmacher3-8/+27
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26s4:py_net: make use of dcerpc_binding_handle_auth_session_key()Stefan Metzmacher1-6/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26s4:libnet: make use of dcerpc_binding_handle_auth_session_key() in ↵Stefan Metzmacher1-9/+12
libnet_become_dc.c Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26s4:libnet: make use of dcerpc_binding_handle_transport_session_key() in ↵Stefan Metzmacher1-10/+25
libnet_passwd.c Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-26s4:libnet: add struct dcerpc_binding_handle helper variables in libnet_passwd.cStefan Metzmacher1-5/+15
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-07-17libnet: Fix debug textPavel Filipenský1-2/+3
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-06-10kdc: Use a consistent, stable time throughout the Heimdal KDCAndrew Bartlett1-0/+32
The MIT KDC has a fallback to a consistent time per fetch call, and both implementations then follow the time in each 'struct samba_kdc_entry'. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-06-05s4-libnet: Split up samba-net into samba-net and samba-net-joinAndrew Bartlett4-8/+18
samba-net-join links to python and so needs the variable name with the python ABI tag, while samba-net is a normal C library and can be included in a package without python dependencies. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2024-05-22s4:libnet: Allow simulating AS‐REQ flags combination for keytab exportJo Sutton3-5/+15
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22s4:libnet: Update export_keytab() docstringJo Sutton1-2/+4
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22s4:libnet: Pass SDB_F_ADMIN_DATA flag through to samba_kdc_message2entry()Jo Sutton1-3/+7
This will allow us to specify whether to specify this flag for a keytab export. Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-22s4:libnet_export_keytab: add only_current_keys optionStefan Metzmacher3-5/+95
By default we also export on the old and older passwords... In order to do a kinit with a keytab it might we useful to include only the current keys. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-16s4:libnet: Remove unnecessary declarationsJo Sutton1-3/+0
This declaration is a hold‐over from the Python 2 module initialization pattern. Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-05-16s4:libnet: Remove trailing whitespaceJo Sutton2-5/+5
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-21s4:libnet: Fix code spellingJo Sutton1-5/+5
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-03-14samba-tool domain exportkeytab: Refuse to overwrite an existing file in ↵Andrew Bartlett1-1/+20
full-db export Since 87f67d336919172845f53067c67d1eab8e7ef18a samba-tool domain exportkeytab has silently unlinked the given target file. Instead, the administrator now needs to specify a file that does not exist. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14s4-libnet: Prepare for a "rolling update" keytab exportAndrew Bartlett1-7/+37
This mode will allow keytabs to be exported with all current keys added to historical keys, which will be useful in a domain with many gMSA servers that require wireshark decryption. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14s4-auth/kerberos: Do not add true duplicates to exported keytabAndrew Bartlett1-1/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14s4-libnet: Raise NTSTATUSError not RuntimeError in keytab exportAndrew Bartlett1-3/+7
We should never raise RuntimeError if we have a better option. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14samba-tool: Add option --keep-stale-entries to "samba-tool domain exportkeytab"Andrew Bartlett3-18/+39
This will keep stale keys in the keytab, which may be useful for wireshark but is not correct if the keytab is used for accepting Kerberos tickets, as tickets encrypted with old passwords would still be accepted. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14lib/krb5_wrap: Pull already_hashed case out of smb_krb5_kt_add_entry()Andrew Bartlett1-17/+12
The two callers of this function want two very different things, the common point was wanting to call smb_krb5_kt_seek_and_delete_old_entries() however this is now done earlier in sdb_kt_copy() with smb_krb5_remove_obsolete_keytab_entries() or an unlink() in libnet_export_keytab(). Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14s4-libnet: Add export of gMSA keys to "samba-tool domain exportkeytab"Andrew Bartlett2-36/+86
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14s4-libnet: Pass the full struct smb_krb5_context to sdb_kt_copy()Andrew Bartlett1-3/+4
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14s4-libnet: Provide hint for "samba-tool domain exportkeytab" if used over ↵Andrew Bartlett1-1/+14
LDAP without gMSA Only gMSA accounts, and only for authoriszed users, can export be exported without local sam.ldb access. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14Make "samba-tool domain exportkeytab" prune old keysAndrew Bartlett1-0/+21
This slowly prepares this to be an update tool, not just a one-off export tool Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14samba-tool domain exportkeytab: Add support for -H to point to a different ↵Andrew Bartlett2-3/+13
sam.ldb Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-03-14libnet: Prepare to allow "samba-tool domain exportkeytab to support -HAndrew Bartlett2-0/+2
We need to allow a samdb to be passed from the python to support using a specific DB or remote server for gMSA passwords. The gMSA passwords will not use this code, but we need to be consistant. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2023-11-20Use python.h from libreplaceAndreas Schneider2-2/+2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-09-11s4:libnet: Fix code spellingJoseph Sutton1-1/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-06 22:46:51 +0000