path: root/source4/rpc_server
Age | Commit message | Author | Files | Lines
2026-01-07 | lib: Don't call a function to initialize an empty DATA_BLOB | Volker Lendecke | 2 | -4/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-10-17 | Add missing include needed for cmocka.h | Andreas Schneider | 1 | -0/+1
This will be required in future. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-09-11 | rpc_server: Remove the source4 implementation of wkssvc | Stefan Metzmacher | 2 | -412/+0
This was pretty much a stub anyway Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Thu Sep 11 15:16:17 UTC 2025 on atb-devel-224
2025-09-02 | dnsserver: Align an integer type | Volker Lendecke | 1 | -1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-05-19 | s4:rpc_server: don't use event_ctx as talloc parent of dcesrv_sock | Stefan Metzmacher | 1 | -4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-05-15 | lsa_server4: Fix comments | Volker Lendecke | 1 | -2/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2025-02-22 | s4:rpc_server/lsa: let dcesrv_lsa_lookup_name_account() handle uPNSuffixes | Stefan Metzmacher | 1 | -4/+13
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | s4:rpc_server/netlogon: let dcesrv_netr_NTLMv2_RESPONSE_verify do RODC checking | Stefan Metzmacher | 1 | -2/+99
This implements MS-NRPC 3.5.4.5.1.2 RODC server cachability validation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds() return the computer_name | Stefan Metzmacher | 1 | -1/+3
This will be used to implement the MS-NRPC 3.5.4.5.1.2 RODC server cachability validation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | s4:rpc_server/netlogon: let dcesrv_netr_NTLMv2_RESPONSE_verify generate trust_forest_domain_info array | Stefan Metzmacher | 1 | -0/+121
MS-NRPC 3.5.4.5.1.1 Pass-through domain name validation, requires to pass information about the trust topology to NTLMv2_RESPONSE_verify_netlogon_creds()... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | libcli/auth: pass trust_forest_domain_info array to NTLMv2_RESPONSE_verify_netlogon_creds | Stefan Metzmacher | 1 | -1/+5
This will be used in the next commits in order to implement MS-NRPC 3.5.4.5.1.1 Pass-through domain name validation. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | s4:rpc_server/netlogon: split out dcesrv_netr_NTLMv2_RESPONSE_verify() | Stefan Metzmacher | 1 | -7/+28
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | s4:rpc_server/lsa: add lsaR[G|S]etForestTrustInformation2 support to allow FOREST_TRUST_SCANNER_INFO | Stefan Metzmacher | 1 | -6/+72
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | s4:dsdb/util_trusts: convert most functions from lsa_ForestTrustInformation to lsa_ForestTrustInformation2 | Stefan Metzmacher | 2 | -12/+38
We use trust_forest_info_lsa_{1to2,2to1}() where needed. This will make it possible to support FOREST_TRUST_BINARY_DATA and FOREST_TRUST_SCANNER_INFO later. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | s4:rpc_server/lsa: split out dcesrv_lsa_SetFTI() | Stefan Metzmacher | 1 | -21/+52
This will help implementing dcesrv_lsa_lsaRSetForestTrustInformation2 later... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | s4:rpc_server/lsa: split out dcesrv_lsa_QueryFTI() | Stefan Metzmacher | 1 | -16/+41
This will help implementing dcesrv_lsa_lsaRQueryForestTrustInformation2 later... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | s4:rpc_server/lsa: always add msDS-TrustForestTrustInfo if FOREST_TRANSITIVE is set | Stefan Metzmacher | 1 | -0/+98
Windows (at least server 2025) always creates the default msDS-TrustForestTrustInfo, with just a TOP_LEVEL_NAME and DOMAIN_INFO representing the forest root domain of the trust. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | s4:rpc_server/lsa: add allocation checks to fill_trust_domain_ex() | Stefan Metzmacher | 1 | -0/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-22 | s4:rpc_server/lsa: make use of trust_forest_info_{from,to}_lsa() | Stefan Metzmacher | 1 | -5/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-08 | s4:rpc_server/lsa: PIM trusts are not supported yet | Stefan Metzmacher | 1 | -0/+7
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-08 | s4:rpc_server/lsa: a PIM trust requires FOREST_TRANSITIVE | Stefan Metzmacher | 1 | -0/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-08 | s4:rpc_server/lsa: WITHIN_FOREST together with FOREST_TRANSITIVE is invalid | Stefan Metzmacher | 1 | -0/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-08 | s4:rpc_server/lsa: don't allow WITHIN_FOREST trusts | Stefan Metzmacher | 1 | -0/+7
They are not supported yet. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-08 | s4:rpc_server/lsa: don't allow WITHIN_FOREST together with CROSS_ORGANIZATION | Stefan Metzmacher | 1 | -0/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-08 | s4:rpc_server: dcesrv_lsa_DeleteObject needs to close the handles | Stefan Metzmacher | 1 | -0/+6
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-08 | s4:rpc_server/lsa: let dcesrv_lsa_CreateTrustedDomain check for valid netbios name length | Stefan Metzmacher | 1 | -0/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-08 | s4:rpc_server/lsa: no longer send MSG_WINBIND_RELOAD_TRUSTED_DOMAINS | Stefan Metzmacher | 1 | -43/+0
This is done by the "trust_notify" ldb module now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-02-04 | s3,s4: Make case spelling of sAMAccountName consistent | Pavel Filipenský | 4 | -12/+12
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-01-29 | s4:rpc_server/lsa: let LookupSids* behave like Windows 2022/2025 | Stefan Metzmacher | 1 | -0/+15
The important part is the INVALID_SID should not cause an early exit of the loop. We need to return the intact names array with the correct count. And only return INVALID_SID if we would otherwise return NONE_MAPPED. For SOME_NOT_MAPPED we need to ignore invalid sids and just pretend they are not mapped. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14213 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-01-08 | s4:rpc_server/netlogon: fix error codes for netr_NetrLogonSendToSam() with SEC_CHAN_RODC | Stefan Metzmacher | 1 | -1/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08 | s4:rpc_server/netlogon: an RODC is not allowed to call netr_ServerPasswordGet() | Stefan Metzmacher | 1 | -1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-01-08 | s4:rpc_server/netlogon: fill netlogon_creds_CredentialState->tdo_guid | Stefan Metzmacher | 1 | -0/+13
This will help us to lookup the tdo object using a <GUID=TDO-GUID> search base. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2024-12-12 | s4:rpc_server/netlogon: fix dcesrv_netr_LogonSamLogon_base_call() for ServerAuthenticateKerberos() | Stefan Metzmacher | 1 | -5/+10
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Dec 12 15:00:10 UTC 2024 on atb-devel-224
2024-12-12 | s4:rpc_server/netlogon: fix dcesrv_netr_ServerPasswordSet[2] for ServerAuthenticateKerberos | Stefan Metzmacher | 1 | -8/+36
Review with: git show --patience Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-12-12 | s4:rpc_server/netlogon: implement dcesrv_netr_ServerAuthenticateKerberos | Stefan Metzmacher | 1 | -5/+203
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-12-12 | s4:rpc_server/lsa: allow krb5+privacy instead of schannel | Stefan Metzmacher | 1 | -2/+10
With netr_ServerAuthenticateKerberos() clients also use krb5 for lsa_LookupSids3 and lsa_LookupNames4. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-12-12 | s4:rpc_server: make use of dcesrv_assoc_group_common_destructor() | Stefan Metzmacher | 1 | -0/+3
Currently this should not be needed, but it's better to call dcesrv_assoc_group_common_destructor() in all assoc_group destructors. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15765 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Dec 12 07:22:29 UTC 2024 on atb-devel-224
2024-12-05 | s4:rpc_server/netlogon: fix error codes in dcesrv_netr_NetrLogonSendToSam | Stefan Metzmacher | 1 | -4/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Dec 5 17:46:49 UTC 2024 on atb-devel-224
2024-12-05 | s4:rpc_server/netlogon: implement dcesrv_netr_ServerPasswordGet() | Stefan Metzmacher | 1 | -4/+35
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-12-05 | s4:rpc_server/netlogon: let dcesrv_netr_LogonSamLogon_base_reply handle encryption errors | Stefan Metzmacher | 1 | -0/+6
This might be the better option when we implement netr_ServerAuthenticateKerberos(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-12-05 | schannel.idl: change netlogon_creds_CredentialState layout for 4.22 | Stefan Metzmacher | 1 | -8/+8
This breaks compat with 4.21 and moves stuff out of netlogon_creds_CredentialState_extra_info. It also prepares support for netr_ServerAuthenticateKerberos() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2024-11-12 | lsasrv: Simplify dcesrv_lsa_AddRemoveAccountRights() | Volker Lendecke | 1 | -8/+3
Use dom_sid_string_buf, no need to talloc. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-11-06 | s4: s/the the\b/the/ in miscellaneous comments | Douglas Bagnall | 1 | -1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org>
2024-10-30 | s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam | Stefan Metzmacher | 1 | -9/+10
This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 | s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword | Stefan Metzmacher | 1 | -10/+8
This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 | s4:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password() | Stefan Metzmacher | 1 | -3/+20
This will make it easier to implement netr_ServerAuthenticateKerberos() later... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 | libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon() | Stefan Metzmacher | 1 | -1/+3
This will be needed when we implement netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 | libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_validation() | Stefan Metzmacher | 1 | -1/+8
This will be needed when we implement netr_ServerAuthenticateKerberos... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 | netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff | Stefan Metzmacher | 1 | -0/+30
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 | s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric() | Stefan Metzmacher | 1 | -54/+125
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>