diff options
author | Volker Lendecke <vlendec@samba.org> | 2005-10-09 20:32:24 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:39:36 -0500 |
commit | 9e5d44d56733f598e0a25ad1e72eccf3267be51a (patch) | |
tree | 3d870490a40bbda69246ec22a9a80484e613b06c /COPYING | |
parent | 01d23b0e5454f317c1529fed829d24a32fdcc44d (diff) | |
download | samba-9e5d44d56733f598e0a25ad1e72eccf3267be51a.tar.gz samba-9e5d44d56733f598e0a25ad1e72eccf3267be51a.tar.bz2 samba-9e5d44d56733f598e0a25ad1e72eccf3267be51a.zip |
r10852: Continuation-based programming can become a bit spaghetti...
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
* Initialize a domain:
*
* - With schannel credentials, try to open the SMB connection with the machine
* creds. Fall back to anonymous.
*
* - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
* pipe.
*
* - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
* to schannel and then to anon bind.
*
* - With queryinfopolicy, verify that we're talking to the right domain
*
* A bit complex, but with all the combinations I think it's the best we can
* get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
* have a signed&sealed lsa connection on all of them.
*
* Is this overkill? In particular the authenticated SMB connection seems a
* bit overkill, given that we do schannel for netlogon and ntlmssp for
* lsa later on w2k3, the others don't do this anyway.
*/
Thanks to Jeremy for his detective work, and to the Samba4 team for providing
such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr
with all we have.
Volker
(This used to be commit 3e69fdc07cd76b4bc01b032148609ee4b59b8be7)
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions