summaryrefslogtreecommitdiff
path: root/source3/libnet
Commit message (Collapse)AuthorAgeFilesLines
...
* s3:libnet_join: remove dead code from libnet_join_connect_ads()Stefan Metzmacher2017-06-271-7/+2
| | | | | | | | | username[strlen(username)] is *always* '\0'! BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet_join: make use of trust_pw_new_value()Stefan Metzmacher2017-02-211-6/+10
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* libnet: Use "all_zero" where appropriateVolker Lendecke2017-01-036-21/+9
| | | | | | | ... Saves a few bytes of footprint Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3:libnet_join: make use of cli_full_connection_creds()Stefan Metzmacher2016-12-021-17/+9
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* Update smbrun to allow for settings environment variables.Trever L. Adams2016-10-132-2/+2
| | | | | | | | | Signed-off-by: Trever L. Adams <trever.adams@gmail.com> Reviewed-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Oct 13 04:26:26 CEST 2016 on sn-devel-144
* s3-libnet: Pass enum value names to dcerpc_samr_SetUserInfo2()Andreas Schneider2016-10-061-3/+3
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4-libnet: Use SetUserInfo2 to set the account flagsAndreas Schneider2016-10-061-5/+5
| | | | | | | | [MS-WKST] states that SetUserInfo2 should be used to set the account flags. We already call this a few lines down to set the password. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_DEFAULT_JOIN_REQUIRED with ↵Günther Deschner2016-09-281-2/+2
| | | | | | | | | WERR_NERR_DEFAULTJOINREQUIRED in source3/libnet/libnet_join.c Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_SETUP_DOMAIN_CONTROLLER with ↵Günther Deschner2016-09-281-1/+1
| | | | | | | | | WERR_NERR_SETUPDOMAINCONTROLLER in source3/libnet/libnet_join.c Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_SETUP_NOT_JOINED with WERR_NERR_SETUPNOTJOINED in ↵Günther Deschner2016-09-281-4/+4
| | | | | | | | | source3/libnet/libnet_join.c Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_SETUP_ALREADY_JOINED with WERR_NERR_SETUPALREADYJOINED ↵Günther Deschner2016-09-281-1/+1
| | | | | | | | | in source3/libnet/libnet_join.c Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_DCNOTFOUND with WERR_NERR_DCNOTFOUND in ↵Günther Deschner2016-09-281-5/+5
| | | | | | | | | source3/libnet/libnet_join.c Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_NO_SUCH_SERVICE with WERR_SERVICE_DOES_NOT_EXIST in ↵Günther Deschner2016-09-281-10/+10
| | | | | | | | | source3/libnet/libnet_join.c Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_INVALID_PARAM with WERR_INVALID_PARAMETER in ↵Günther Deschner2016-09-281-5/+5
| | | | | | | | | source3/libnet/libnet_join.c Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_GENERAL_FAILURE with WERR_GEN_FAILURE in ↵Günther Deschner2016-09-281-1/+1
| | | | | | | | | source3/libnet/libnet_join.c Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in ↵Günther Deschner2016-09-281-4/+4
| | | | | | | | | source3/libnet/libnet_join.c Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-lib: Do not set an empty string in split_domain_user()Andreas Schneider2016-09-251-10/+30
| | | | | | | | | | The function should also return if it failed or not. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Sep 25 12:56:17 CEST 2016 on sn-devel-144
* krb5_wrap: Rename smb_krb5_keytab_name()Andreas Schneider2016-08-311-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_wrap: Rename smb_krb5_open_keytab_relative()Andreas Schneider2016-08-311-4/+4
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-libnet: Fix format-nonliteral warningAmitay Isaacs2016-08-242-0/+13
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12168 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-libnet: Add missing format elementAmitay Isaacs2016-08-181-2/+2
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12163 Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Aug 18 23:49:42 CEST 2016 on sn-devel-144
* s3:libnet_dssync_keytab: ignore empty supplementalCredentialsBlob structuresStefan Metzmacher2016-07-201-2/+2
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s3-libnet: Add a comment to make cleaŕ we want to fall throughAndreas Schneider2016-06-241-0/+1
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jun 24 05:58:35 CEST 2016 on sn-devel-144
* libnet: ignore realm setting for domain security joins to AD domains if ↵Michael Adam2016-06-221-0/+16
| | | | | | | | | | | | | | 'winbind rpc only = true' Inspired by initial patch from Matt Rogers @ RedHat. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Wed Jun 22 05:05:47 CEST 2016 on sn-devel-144
* Revert "s3:libnet: accept empty realm for AD domains when only ↵Michael Adam2016-06-221-17/+0
| | | | | | | | | security=domain is set." This reverts commit 234a470f198f8f09f46aaeaf58f966faccedef18. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* libnet: only create local private krb5.conf if joining an AD domainMichael Adam2016-06-171-3/+5
| | | | | | | | | | This prevents irritating warning messages. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jun 17 08:13:55 CEST 2016 on sn-devel-144
* s3-libnet: Fix compiler errors when building with --address-sanitizerAndrew Bartlett2016-06-161-1/+1
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s3:libnet: accept empty realm for AD domains when only security=domain is set.Günther Deschner2016-06-151-0/+17
| | | | | | | | | | | | | | | Initial patch from Matt Rogers @ RedHat. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11977 Guenther Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Jun 15 20:28:31 CEST 2016 on sn-devel-144
* libnet_join: use sitename if it was set by pre-join detectionAlexander Bokovoy2016-06-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | When domain member is joined to AD, we need to use the same DC to authenticate against after the join because the machine account might not be replicated yet to other domain controllers, including off-site. Bug https://bugzilla.samba.org/show_bug.cgi?id=11769 dealt with detection of the site pre-join. However, we rewrite private local krb5.conf afterwards without taking the discovered site name into account. Fix this by reusing the site discovered pre-join. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11975 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jun 15 15:25:44 CEST 2016 on sn-devel-144
* s3:libnet:libnet_join: add netbios aliases as SPNsRalph Boehme2016-05-041-0/+60
| | | | | | | | | | | | | | | | | | Add all listed smb.conf netbios aliases as SPNs to the machine account: HOST/NETBIOS_ALIAS@REALM and HOST/netbios_alias.dnsdomain.name@REALM Bug: https://bugzilla.samba.org/show_bug.cgi?id=1703 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed May 4 17:58:05 CEST 2016 on sn-devel-144
* lib: Give base64.c its own .hVolker Lendecke2016-05-043-0/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Make callers of base64_encode_data_blob check for successVolker Lendecke2016-05-042-6/+13
| | | | | | | | | Quite a few callers already did check for !=NULL. With the current code this is pointless due to a SMB_ASSERT in base64_encode_data_blob() itself. Make the callers consistently check, so that we can remove SMB_ASSERT from base64.c. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2016-2115: s3:libnet: use SMB_SIGNING_IPC_DEFAULTRalph Boehme2016-04-121-3/+3
| | | | | | | | | Use SMB_SIGNING_IPC_DEFAULT for RPC connections. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:libnet:libnet_join: update msDS-SupportedEncryptionTypes (if required) ↵Günther Deschner2016-03-141-4/+55
| | | | | | | | | | | | | | | | with machine creds. Guenther BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Mar 14 19:38:48 CET 2016 on sn-devel-144
* s3:libnet:libnet_join: fill in output enctypes and only modify when necessary.Günther Deschner2016-03-141-1/+17
| | | | | | | | | Guenther BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755 Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:libnet:libnet_join: define list of desired encryption types only once.Günther Deschner2016-03-141-10/+14
| | | | | | | | | Guenther BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755 Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:libnet:libnet_join: always try to create machineaccount via LDAP first.Günther Deschner2016-03-141-3/+25
| | | | | | | | | Guenther BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755 Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:libnet:libnet_join: prepare to allow connecting with machine creds.Günther Deschner2016-03-141-5/+68
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Partly revert "s3:libads: setup the msDS-SupportedEncryptionTypes attribute ↵Günther Deschner2016-03-141-0/+46
| | | | | | | | | | | on ldap_add" This partly reverts commit 0c74d62524db376b6a3fac00c688be0cdffcaa80. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755 Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-libnet: Allow the keytab function to use a relative pathAndreas Schneider2016-03-101-1/+4
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-libads: Pass down the salt principal in smb_krb5_kt_add_entry()Andreas Schneider2016-03-101-3/+26
| | | | | | | This is a preparation to move smb_krb5_kt_add_entry() to krb5_wrap. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libnet: make Kerberos domain join site-awareUri Simchoni2016-03-081-0/+52
| | | | | | | | | | | | | | | When joining a domain using Kerberos authentication, create a configuration file for the Kerberos libs to prefer on-site domain controllers, without relying on the winbindd Kerberos locator, which many not be operational at this stage. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769 Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Mar 8 01:30:35 CET 2016 on sn-devel-144
* s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_addStefan Metzmacher2016-02-261-65/+0
| | | | | | | | | | | | | We may not have the permission to modify the object after creation. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Björn Jacke <bj@sernet.de> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Feb 26 11:30:03 CET 2016 on sn-devel-144
* repl: Give an error if we get a secret when not expecting oneAndrew Bartlett2015-10-261-0/+1
| | | | | | | | | We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING This asserts that this is the case. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* net: fix the order of DC lookup methods when joining a domainUri Simchoni2015-07-091-1/+8
| | | | | | | | | | | | | | | | The dsgetdcname() function is able to try just DNS lookup, just NetBIOS, or start with DNS and fall back to NetBIOS. For "net ads join", we know most of the time whether the name of the domain we're joining is a DNS name or a NetBIOS name. In that case, it makes no sense to try both lookup methods, especially that DNS may fail and we want to fall back from site-aware DNS lookup to site-less DNS lookup, with no NetBIOS lookup in between. This change lets "net ads join" tell libnet what is the type of the domain name, if it is known. Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org>
* Convert uint64 to uint64_tRichard Sharpe2015-05-152-4/+4
| | | | | | | We seemed to have very few uses of that. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Convert uint32/16/8 to _t in source3/libnet.Richard Sharpe2015-05-132-9/+9
| | | | | Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:libnet: remove unused variablesStefan Metzmacher2015-03-201-16/+0
| | | | Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:libnet: use cli_credentials based functions in libnet_join_ok()Stefan Metzmacher2015-03-121-40/+25
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* allow net ads join accept new osServicePack parameterNoel Power2015-01-081-2/+13
| | | | | | | | | | | | | | | | | | | osServicePack paramater allows the default behaviour ( which is to use the samba version string as the operatingSystemServicePack attribute ) to be overridden Additionally make sure if blank string is passed that it is treated as attribute deletion. This is necessary as values for the os attributes are eventually passed to ads_modlist_add if the value is "" then the attempt to add this attribute fails in the underlying ldap 'ldap_modfiy_ext_s' function. In this case we need to pass NULL as the value to force deletion of the ldap attribute Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jan 8 00:18:05 CET 2015 on sn-devel-104
View Lorry Controller Status