summaryrefslogtreecommitdiff
path: root/source3/libnet
Commit message (Collapse)AuthorAgeFilesLines
* libnet_join: add SPNs for additional-dns-hostnames entriesIsaac Boukris2019-10-251-0/+27
| | | | | | | | | | | | | and set msDS-AdditionalDnsHostName to the specified list. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Oct 25 10:43:08 UTC 2019 on sn-devel-184
* libnet_join_set_machine_spn: simplify adding uniq spn to arrayIsaac Boukris2019-10-251-33/+23
| | | | | | | | | | | and do not skip adding a fully qualified spn to netbios-aliases in case a short spn already existed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* libnet_join_set_machine_spn: simplify memory handlingIsaac Boukris2019-10-251-32/+42
| | | | | | | | | | | and avoid a possible memory leak when passing null to add_string_to_array() as mem_ctx. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* libnet_join_set_machine_spn: improve style and make a bit room for indentationIsaac Boukris2019-10-251-48/+47
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* libnet_join: build dnsHostName from netbios name and lp_dnsdomain()Isaac Boukris2019-10-251-20/+11
| | | | | | | | | | | | This make the join process much more reliable, and avoids "Constraint violation" error when the fqdn returned from getaddrinfo has already got assigned an SPN. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libads: Just change the machine password if account already existsAndreas Schneider2019-10-091-0/+1
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884 Pair-Programmed-With: Guenther Deschner <gd@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libnet: Improve debug messagesAndreas Schneider2019-10-091-2/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libads: Fix creating machine account using LDAPAndreas Schneider2019-10-091-7/+16
| | | | | | | | | | | This implements the same behaviour as Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13884 Pair-Programmed-With: Guenther Deschner <gd@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:libnet: Require sealed LDAP SASL connections for joiningAndreas Schneider2019-10-091-1/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:rpc_client: Return NTSTATUS for init_samr_CryptPasswordEx()Andreas Schneider2019-07-261-3/+6
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:rpc_client: Return NTSTATUS for init_samr_CryptPassword()Andreas Schneider2019-07-261-3/+7
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3-libnet_join: allow fallback to NTLMSSP auth in libnet_joinGünther Deschner2019-04-031-0/+2
| | | | | | | | | | | | | | | | | When a non-DNS and non-default admin domain is provided during the join sometimes we might not be able to kinit with 'user@SHORTDOMAINNAME' (e.g. when the winbind krb5 locator is not installed). In that case lets fallback to NTLMSSP, like we do in winbind. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Apr 3 18:57:31 UTC 2019 on sn-devel-144
* s3-libnet_join: setup libnet join error string when AD connect failsGünther Deschner2019-04-031-0/+3
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3-libnet_join: always pass down admin domain to ads layerGünther Deschner2019-04-031-0/+12
| | | | | | | | | | | | Otherwise we could loose the information that a non-default domain name has been used for admin creds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet: Use more secure name for the JOIN krb5.confAndreas Schneider2019-04-021-3/+5
| | | | | | | | | | Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libnet: Fix debug message in libnet_DomainJoin()Guenther Deschner2019-04-021-2/+2
| | | | | | | | A newline is missing but also use DBG_INFO macro and cleanup spelling. Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libnet: Use dom_sid_str_bufVolker Lendecke2018-12-201-23/+32
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* libnet: Add kerberos tracingSwen Schillig2018-12-191-4/+3
| | | | | | | | | | Replace kerberos context initialization from raw krb5_init_context() to smb_krb5_init_context_basic() which is adding common tracing as well. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* libnet: Use dom_sid_str_bufVolker Lendecke2018-12-111-1/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libnet: Use dom_sid_str_bufVolker Lendecke2018-12-071-6/+8
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libads: Give krb5_errs.c its own headerVolker Lendecke2018-11-272-0/+2
| | | | | | | | The protos were declared in lib/krb5_wrap but the functions are not available there. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:libads: Add net ads leave keep-account optionJustin Stephenson2018-07-301-0/+2
| | | | | | | | | | | Add the ability to leave the domain with --keep-account argument to avoid removal of the host machine account. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13498 Signed-off-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* libsmb: Give dsgetdcname.c its own headerVolker Lendecke2018-04-111-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libsmb: Give namequery.c its own headerVolker Lendecke2018-04-111-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3-libnet: move rpc_join label into HAVE_ADS block with only callerAndrew Bartlett2018-03-221-1/+2
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet_join: make use of create_builtin_guests()Stefan Metzmacher2018-03-191-0/+12
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet: Add FALL_THROUGH statements in libnet_join.cAndreas Schneider2018-03-011-1/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libnet_join: fix "net rpc oldjoin"Stefan Metzmacher2017-11-181-8/+45
| | | | | | | | | | | | | | We need to open the ncacn_np (smb) transport connection with anonymous credentials. In order to do netr_ServerPasswordSet*() we need to establish a 2nd netlogon connection using dcerpc schannel authentication. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Avoid a ZERO_STRUCT, save a few bytes .textVolker Lendecke2017-11-131-3/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* rpc_client3: Avoid "cli_credentials" in cli_rpc_pipe_open_schannel_with_credsVolker Lendecke2017-09-251-1/+0
| | | | | | | | | This provides cleaner data dependencies. A netlogon_creds_ctx contains everything required to open an schannel, there is no good reason to require cli_credentials here. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libnet: Remove libnet_samsyncVolker Lendecke2017-09-206-3412/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* cli_netlogon: Eliminate rpccli_setup_netlogon_creds_with_credsVolker Lendecke2017-09-161-5/+5
| | | | | | | Inlining the code from rpccli_setup_netlogon_creds Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* cli_netlogon: Rename rpccli_create_netlogon_creds_with_credsVolker Lendecke2017-09-161-6/+6
| | | | | | | This creates a context with access to a credentials, not credentials Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libnet: Use rpccli_setup_netlogon_creds_with_creds in join_unsecureVolker Lendecke2017-09-161-9/+7
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libnet: Use rpccli_create_netlogon_creds_with_creds in join_unsecureVolker Lendecke2017-09-161-8/+18
| | | | | | | | rpccli_create_netlogon_creds_with_creds just extracts the values we set here from cli_credentials, and the lower-level interface is supposed to go away. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* cli_netlogon: Pass server_dns_domain through rpccli_create_netlogon_credsVolker Lendecke2017-09-161-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libnet: make use of secrets_store_JoinCtx()Stefan Metzmacher2017-06-271-21/+5
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/auth: pass the cleartext blob to netlogon_creds_cli_ServerPasswordSet*()Stefan Metzmacher2017-06-271-1/+18
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:secrets: let secrets_delete_machine_password_ex() also remove the ↵Stefan Metzmacher2017-06-271-5/+4
| | | | | | | | | des_salt key BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:secrets: let secrets_delete_machine_password_ex() remove SID and GUID tooStefan Metzmacher2017-06-271-4/+0
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:secrets: move kerberos_secrets_*salt related functions to ↵Stefan Metzmacher2017-06-271-0/+1
| | | | | | | | | | | | machine_account_secrets.c These don't use any krb5_context related functions and they just work on secrets.tdb, so they really belong to machine_account_secrets.c. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet: make use of kerberos_secrets_fetch_salt_princ()Stefan Metzmacher2017-06-271-3/+1
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet_join: move kerberos_secrets_store_des_salt() to ↵Stefan Metzmacher2017-06-271-11/+10
| | | | | | | | | libnet_join_joindomain_store_secrets() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet_join: move libnet_join_joindomain_store_secrets() to ↵Stefan Metzmacher2017-06-271-5/+4
| | | | | | | | | | | | libnet_join_post_processing() We should not store the secrets before we did all remote changes (except the optional dns updates). BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet_join: call do_JoinConfig() after we did remote changes on the serverStefan Metzmacher2017-06-271-5/+10
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet_join: split libnet_join_post_processing_ads() into modify/syncStefan Metzmacher2017-06-271-3/+21
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet_join: move kerberos_secrets_store_des_salt() out of ↵Stefan Metzmacher2017-06-271-1/+12
| | | | | | | | | | | libnet_join_derive_salting_principal() We should separate the calculation and the storing steps. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet_join: remember r->out.krb5_salt in ↵Stefan Metzmacher2017-06-271-0/+1
| | | | | | | | | libnet_join_derive_salting_principal() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet_join: remember the domain_guid for AD domainsStefan Metzmacher2017-06-271-0/+1
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:libnet_join: calculate r->out.account_name in libnet_join_pre_processing()Stefan Metzmacher2017-06-271-9/+9
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
View Lorry Controller Status