gd/samba-autobuild/.git
Günther Deschner [Thu, 19 Dec 2013 13:34:53 +0000 (14:34 +0100)]
libgpo: remove extension_guid and snapin_guid (the tool guid) from the process callback.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 18:33:28 +0000 (19:33 +0100)]
libgpo: allow to pass down deleted and changed gpo list to CSE plugins.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 18:59:09 +0000 (19:59 +0100)]
libgpo/gpext: add new gpext_check_gpo_for_gpext_presence() helper function.

It will be used to inspect single members of a gpo list for the presence of a CSE guid.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 12:27:45 +0000 (13:27 +0100)]
libgpo: add gpo_copy().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 19:02:58 +0000 (20:02 +0100)]
libgpo: make gpo_get_gp_ext_from_gpo public.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 16:59:38 +0000 (17:59 +0100)]
libgpo: make gpo_process_a_gpo() static to the util code.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 15:29:36 +0000 (16:29 +0100)]
libgpo: remove unused gp_registry_entry2 struct.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 14:45:58 +0000 (15:45 +0100)]
libgpo: remove ads reference from dump calls and make them take const structs.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 14:43:23 +0000 (15:43 +0100)]
libgpo: prefix some more calls with gpext_.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Wed, 18 Dec 2013 14:24:17 +0000 (15:24 +0100)]
libgpo: rename debug_gpext_header to gpext_debug_header.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 21:22:39 +0000 (22:22 +0100)]
libgpo/CSE/scripts: fix a build warning.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Thu, 19 Dec 2013 20:29:32 +0000 (21:29 +0100)]
s3-registry: fix typo in DEBUG statement.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 6 Dec 2013 11:08:50 +0000 (12:08 +0100)]
s4:netlogon: implement "allow nt4 crypto" and "reject md5 clients" features.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan  7 16:53:31 CET 2014 on sn-devel-104

Stefan Metzmacher [Mon, 23 Dec 2013 09:10:17 +0000 (10:10 +0100)]
s4:netlogon: don't generate a debug message for SEC_CHAN_NULL.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 23 Dec 2013 09:12:24 +0000 (10:12 +0100)]
s4:netlogon: correctly calculate the negotiate_flags

We need to bit-wise AND the client and server flags.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 6 Dec 2013 12:41:43 +0000 (13:41 +0100)]
selftest/Samba4: use "allow nt4 crypto = yes" for testing

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 6 Dec 2013 10:39:15 +0000 (11:39 +0100)]
lib/param: add "reject md5 client" option, defaulting to false

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 6 Dec 2013 10:38:21 +0000 (11:38 +0100)]
lib/param: add "allow nt4 crypto" option, defaulting to false

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 17 Oct 2013 17:17:12 +0000 (19:17 +0200)]
libcli/auth: remove unused netlogon_creds_cli_context_copy()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:25:27 +0000 (19:25 +0200)]
s3:rpc_client: finally remove unused rpc_pipe_client->netlogon_creds

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:23:54 +0000 (19:23 +0200)]
s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:23:18 +0000 (19:23 +0200)]
s3:rpc_client: remove unused rpccli_netlogon_sam_logon()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 6 Sep 2013 11:06:53 +0000 (13:06 +0200)]
s3:rpc_client: remove unused rpccli_netlogon_setup_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 6 Sep 2013 11:54:30 +0000 (13:54 +0200)]
s3:rpc_client: remove unused rpccli_netlogon_set_trust_password()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 18:53:51 +0000 (20:53 +0200)]
s3:rpc_client: make cli_rpc_pipe_open_schannel() more flexible

It expects a messaging_context now
and returns a netlogon_creds_cli_context.

This way we can finally avoid having a rpc_pipe_client->netlogon_creds.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 22:56:15 +0000 (00:56 +0200)]
s3:winbindd: make use of rpccli_netlogon_network_logon()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 22:48:31 +0000 (00:48 +0200)]
s3:rpcclient: make use of rpccli_netlogon_password_logon() in the 'samlogon' cmd

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 22:46:09 +0000 (00:46 +0200)]
s3:rpcclient: remove optional auth_level parameter of the 'samlogon' cmd

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Garming Sam [Fri, 29 Nov 2013 01:45:20 +0000 (14:45 +1300)]
s3:rpcclient: give errors and clean up correctly after failing to obtain secret

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 18:51:25 +0000 (20:51 +0200)]
s3:rpcclient: make use of rpccli_{create,setup}_netlogon_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:19:39 +0000 (19:19 +0200)]
s3:libnet: pass in struct netlogon_creds_cli_context from the caller.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:39:52 +0000 (18:39 +0200)]
s3:libsmb: remove unused trust_pw_find_change_and_store_it()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:37:34 +0000 (18:37 +0200)]
s3:winbindd: make use of trust_pw_change() in _wbint_ChangeMachineAccount()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:36:43 +0000 (18:36 +0200)]
s3:winbindd: make use of trust_pw_change() for periodic password changes

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:35:39 +0000 (18:35 +0200)]
s3:winbindd: use invalidate_cm_connection() to kill the netlogon connection

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:34:48 +0000 (18:34 +0200)]
s3:net_rpc: make use of trust_pw_change()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:33:51 +0000 (18:33 +0200)]
s3:rpcclient: make use of trust_pw_change()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sun, 15 Sep 2013 11:19:52 +0000 (13:19 +0200)]
s3:libsmb: add trust_pw_change()

This protects the password change using a domain specific g_lock,
so multiple parts 'net rpc', 'rpcclient', 'winbindd', 'wbinfo --change-secret'
even on multiple cluster nodes don't race anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:59:11 +0000 (19:59 +0200)]
s3:net_rpc: add net_context->netlogon_creds

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 17:00:22 +0000 (19:00 +0200)]
s3:rpcclient: make use of rpcclient_netlogon_creds instead of cli->netlogon_creds

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:57:09 +0000 (18:57 +0200)]
s3:rpcclient: remove unused rpccli_netlogon_setup_creds() from cmd_netlogon_database_redo()

rpccli_netlogon_setup_creds() is already called in the main do_cmd()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:29:30 +0000 (18:29 +0200)]
s3:rpcclient: add rpcclient_netlogon_creds

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 16 Sep 2013 16:24:44 +0000 (18:24 +0200)]
s3:rpcclient: add rpcclient_msg_ctx

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Sep 2013 08:06:41 +0000 (10:06 +0200)]
s3:rpc_client: use rpccli_{create,setup}_netlogon_creds() in cli_rpc_pipe_open_schannel()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 5 Sep 2013 18:57:02 +0000 (20:57 +0200)]
s3:libnet: use rpccli_{create,setup}_netlogon_creds() in libnet_join_joindomain_rpc_unsecure

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 2 Sep 2013 17:32:23 +0000 (19:32 +0200)]
s3:libnet_join: make use of rpccli_{create,setup}_netlogon_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 13:02:26 +0000 (15:02 +0200)]
s3:auth_domain: make use of rpccli_netlogon_network_logon()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 13:01:10 +0000 (15:01 +0200)]
s3:auth_domain: make use of rpccli_{create,setup}_netlogon_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 11:07:45 +0000 (13:07 +0200)]
s3:auth_domain: simplify connect_to_domain_password_server()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 7 Aug 2013 09:32:44 +0000 (11:32 +0200)]
s3:winbindd: make use of rpccli_{create,setup}_netlogon_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 17 Dec 2013 19:06:14 +0000 (20:06 +0100)]
s3:winbindd: call rpccli_pre_open_netlogon_creds() in the parent

This opens the CLEAR_IF_FIRST tdb in the long living parent.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 12:56:06 +0000 (14:56 +0200)]
s3:rpc_client: add rpccli_netlogon_password_logon()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 12:36:24 +0000 (14:36 +0200)]
s3:rpc_client: add rpccli_netlogon_network_logon()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 27 Aug 2013 12:07:43 +0000 (14:07 +0200)]
s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon_ex()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Tue, 17 Dec 2013 19:05:56 +0000 (20:05 +0100)]
s3:rpc_client: add rpccli_pre_open_netlogon_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 7 Aug 2013 09:27:25 +0000 (11:27 +0200)]
s3:rpc_client: add rpccli_{create,setup}_netlogon_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 17 Oct 2013 15:03:00 +0000 (17:03 +0200)]
s3:rpc_client: use netlogon_creds_cli_auth_level() in cli_rpc_pipe_open_schannel_with_key()

This means the auth level is now based on the "winbindd sealed pipes" option,
defaulting to "yes" and DCERPC_AUTH_LEVEL_PRIVACY.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Sat, 27 Jul 2013 09:30:13 +0000 (11:30 +0200)]
s3:rpc_client: make use of the new netlogon_creds_cli_context

This exchanges rpc_pipe_client->dc with rpc_pipe_client->netlogon_creds
and lets the secure channel session state be stored in node local database.

This is the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 14 Nov 2013 17:53:06 +0000 (18:53 +0100)]
docs-xml: update 'winbind sealed pipes' description

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 17 Oct 2013 17:31:58 +0000 (19:31 +0200)]
s3:winbindd: make use of the "winbind sealed pipes" option for all connections

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 23 Dec 2013 09:46:57 +0000 (10:46 +0100)]
docs-xml: explain the interaction of 'client schannel' with 'require strong key = yes'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Mon, 23 Dec 2013 09:45:27 +0000 (10:45 +0100)]
docs-xml: explain the interaction between security = ads and other options.

It implies 'require strong key = yes' and 'client schannel = yes'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 17 Oct 2013 16:48:15 +0000 (18:48 +0200)]
libcli/auth: make use of real options in netlogon_creds_cli_context_global()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 17 Oct 2013 17:01:47 +0000 (19:01 +0200)]
s3:param: set Globals.bRequireStrongKey = true

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 17 Oct 2013 16:39:56 +0000 (18:39 +0200)]
lib/param: add "require strong key" option, defaulting to true

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 17 Oct 2013 16:39:56 +0000 (18:39 +0200)]
lib/param: add "reject md5 servers" option, defaulting to false

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 17 Oct 2013 16:39:56 +0000 (18:39 +0200)]
lib/param: add "neutralize nt4 emulation" option, defaulting to false

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 17 Oct 2013 17:01:28 +0000 (19:01 +0200)]
s3:param: set Globals.bWinbindSealedPipes = true

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 13 Dec 2013 16:31:45 +0000 (17:31 +0100)]
libcli/auth: use unique key_name values in netlogon_creds_cli_context_common()

Until all callers are fixed to pass the same 'server_computer'
value, we try to calculate a server_netbios_name and use this
as unique identifier for a specific domain controller.

Otherwise winbind would use 'hostname.example.com'
while 'net rpc testjoin' would use 'HOSTNAME',
which leads to 2 records in netlogon_creds_cli.tdb
for the same domain controller.

Once all callers are fixed we can think about reverting this
commit.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 18 Apr 2013 17:16:42 +0000 (19:16 +0200)]
libcli/auth: add netlogon_creds_cli* infrastructure

This provides an abstraction to hide netlogon_creds_CredentialState,
which is stored in a node local tdb.

Where the global state (netlogon_creds_CredentialState) between client and
server was only kept in memory (on the client side), we now use
the abstracted netlogon_creds_cli_context.

We now use a node specific computer name in order to establish
individual netlogon sessions per node.

If the caller wants to use some netlogon calls with credential chain
(struct netr_Authenticator), netlogon_creds_cli_lock*() is used
to get the current netlogon_creds_CredentialState in a g_lock'ed
fashion, a talloc_free() will release the lock.

The locking is needed as there might be more than one process
(multiple winbindd child, cmdline tools) which want to talk
to a specific domain controller. The usage of netlogon_creds_CredentialState
needs to be serialized as it uses sequence numbers.

LogonSamLogonEx doesn't use the credential chain, but for some operations
it needs the global session in order to de/encrypt individual fields.
It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate()
functions, which just make sure the session hasn't changed between
get and validate.

This prepares the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563
https://bugzilla.samba.org/show_bug.cgi?id=7944
https://bugzilla.samba.org/show_bug.cgi?id=7945
https://bugzilla.samba.org/show_bug.cgi?id=7568
https://bugzilla.samba.org/show_bug.cgi?id=8599

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gregor Beck [Wed, 4 Dec 2013 13:58:40 +0000 (14:58 +0100)]
s4:librpc: remove recv_data from transport

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan  7 12:42:32 CET 2014 on sn-devel-104

Gregor Beck [Wed, 4 Dec 2013 14:51:31 +0000 (15:51 +0100)]
s4:librpc: factor out xxx_send_request() to dcerpc_send_request()

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Wed, 4 Dec 2013 14:51:07 +0000 (15:51 +0100)]
s4:librpc: factor out xxx_send_read() to dcerpc_send_read()

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Tue, 24 Sep 2013 10:45:26 +0000 (12:45 +0200)]
s4:librpc: factor out xxx_shutdown_pipe() to dcerpc_shutdown_pipe()

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Tue, 24 Sep 2013 10:32:50 +0000 (12:32 +0200)]
s4:librpc: factor out xxx_dead() to dcerpc_transport_dead()

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Mon, 23 Sep 2013 11:54:38 +0000 (13:54 +0200)]
s4:librpc: remove server_name from transport

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 4 Dec 2013 13:28:11 +0000 (14:28 +0100)]
s4:librpc: make 'struct dcerpc_pipe_connect' private

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Sep 2013 16:53:34 +0000 (18:53 +0200)]
s4:librpc: remove unused dcerpc_smb2.c

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Sep 2013 16:50:27 +0000 (18:50 +0200)]
s4:librpc: implement dcerpc_pipe_open_smb2() in dcerpc_smb.c

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Sep 2013 16:43:06 +0000 (18:43 +0200)]
s4:librpc: make use of dcerpc_pipe_open_smb_send/recv for SMB2

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Sep 2013 16:36:19 +0000 (18:36 +0200)]
s4:librpc: pass dcecli_connection instead of dcerpc_pipe to dcerpc_secondary_smb_send()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Sep 2013 16:23:37 +0000 (18:23 +0200)]
s4:librpc: use dcerpc_binding_dup() instead of talloc_reference()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Sep 2013 16:16:16 +0000 (18:16 +0200)]
s4:librpc: pass smbXcli_{conn,session,tcon} to dcerpc_pipe_open_smb_send()

This will allow it to be used also for smb2 later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Sep 2013 15:29:56 +0000 (17:29 +0200)]
s4:librpc: don't talloc_reference smbcli_tree

It's the job of the caller to make sure it stays for the
whole lifetime of the connection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Sep 2013 15:26:37 +0000 (17:26 +0200)]
s4:librpc: keep smbcli_tree/smb2_tree as talloc child of dcecli_connection

This will avoid the need of talloc_reference later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Mon, 16 Sep 2013 09:51:44 +0000 (11:51 +0200)]
s4:librpc: use tstream_smbXcli_np in dcerpc_smb.c

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Wed, 4 Sep 2013 11:16:05 +0000 (13:16 +0200)]
s4:librpc: use tstream in dcerpc_sock.c

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Wed, 18 Sep 2013 15:29:53 +0000 (17:29 +0200)]
s4:librpc: make it possible for the transport to specify the max_xmit/recv_size

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 29 Nov 2013 11:24:50 +0000 (12:24 +0100)]
libcli/smb: s/tstream_cli_np/tstream_smbXcli_np

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 29 Nov 2013 11:18:29 +0000 (12:18 +0100)]
libcli/smb: s/TSTREAM_CLI_NP/TSTREAM_SMBXCLI_NP

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 13 Sep 2013 13:50:10 +0000 (15:50 +0200)]
libcli/smb: move source3/libsmb/cli_np_tstream.c to tstream_smbXcli_np.c

This code is generic enough to have it in the top level now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Fri, 29 Nov 2013 10:58:18 +0000 (11:58 +0100)]
s3:libsmb: add a TSTREAM_CLI_NP_DESIRED_ACCESS define as collection of individual flags

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 19 Sep 2013 23:11:40 +0000 (01:11 +0200)]
s3:libsmb: add tstream_cli_np_ref as protection to talloc_free(smbXcli_conn)

This makes sure that we don't have dangling pointers.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Fri, 13 Sep 2013 10:55:34 +0000 (12:55 +0200)]
s3:libsmb: do not use cli_state internally within cli_np_tstream

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Fri, 13 Sep 2013 07:26:25 +0000 (09:26 +0200)]
s3:libsmb: let cli_np_tstream use smb1cli_readx

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Thu, 12 Sep 2013 09:43:30 +0000 (11:43 +0200)]
s3:libsmb: let cli_np_tstream use smb1cli_writex

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Thu, 12 Sep 2013 08:10:06 +0000 (10:10 +0200)]
s3:libsmb: let cli_np_tstream use smb1cli_close

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Wed, 11 Sep 2013 14:16:15 +0000 (14:16 +0000)]
s3:libsmb: let cli_np_tstream use smb1cli_trans

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Wed, 11 Sep 2013 13:54:31 +0000 (13:54 +0000)]
s3:libsmb: let cli_np_tstream use smb1cli_ntcreatex

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gregor Beck [Thu, 12 Sep 2013 12:35:35 +0000 (14:35 +0200)]
libcli/smb: add smb1cli_readx*

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>