| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Patch from Jeremy.
With this patch, I was able to join Windows 7 RC to a Samba3 DC, and login into a
Samba 3 Domain.
There are still two registry settings required:
HKLM\System\CCS\Services\LanmanWorkstation\Parameters
DWORD DomainCompatibilityMode = 1
DWORD DNSNameResolutionRequired = 0
Do *not* modify the other netlogon registry parameters that were passed around,
they weaken security.
Guenther
(cherry picked from commit b5097d54cb74ca0ea328f9e029562f65f4a01134)
|
|
|
|
Guenther
|
|
Guenther
|
|
Another 4k per open pipe
|
|
This makes an open pipe about 4K cheaper
|
|
This was mainly used for debugging output
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(This used to be commit e11b5cb1e061caf4c3793fb402ca6bee95a8f26c)
|
|
(This used to be commit 10b47a0c2cfd62489428518112da82f73a52b7bc)
|
|
(This used to be commit defcf0eecfb8eb035d9ca80530720b9e6873f6c7)
|
|
The per-server xxx_get_pipe_fns functions can go once all the RPC servers are
converted
(This used to be commit 6aa2391cbe1cbda8269ded767117f53d83b243e1)
|
|
The users can use p->server_info.
Now pipes_struct is decoupled from the SMB transport.
(This used to be commit d4cf5a131919530317cd457006b4df5af2c69fa7)
|
|
(This used to be commit aefad64e3a5c86d2f988d47e6215ed2085b8fc47)
|
|
(This used to be commit d621867bb8767e1c4236d28dd9294a61db6cbb10)
|
|
For spoolss, we need the client's IP address
(This used to be commit 64a4dfaa826cf9319ef3f5c65023352bf8af539e)
|
|
(This used to be commit 829b1ad4697f2f1ea008377d591456722dccd025)
|
|
(This used to be commit 32cd4bf34b614f7bb0b05a7ae5d7eb51d208a7c7)
|
|
(This used to be commit d1f82b7e67a791e19d08c682b607d82ae649feb4)
|
|
(This used to be commit aacb07b1b0f674b8cb92347ef4b4dd1e7808dde8)
|
|
This allows to remove some more old netlogon client calls.
Guenther
(This used to be commit c0b1a876583230a5130f5df1965d6c742961bcdc)
|
|
Convert "name" from string to a talloc'ed char *
(This used to be commit e82069f921b3a22295db91e092c22c459ccd7215)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
|
|
Jeremy.
(This used to be commit 7632f8fb4003657591778d2b55f546d1737859d1)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
filled, at
least with dummy routines. We need a way to indicate that we do not support a
call, so that srv_pipe_hnd.c can return the DCE level RNG_ERROR.
This flag can be set in the backend routines for this one. I'll change pidl to
generate code to "return False" in srv_lsa.c if this flag is set.
Volker
(This used to be commit 5260657664caf9546d324a81c392f0d9e8532d58)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
Jeremy.
(This used to be commit ea82958349a57ef4b7ce9638eec5f1388b0fba2a)
|
|
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we where assuming we could read 16 bytes.
Jeremy.
(This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
|
|
(This used to be commit b9d1a659109daeeb625f3e6caf7ec706ccdde230)
|
|
Ensure that the mach_acct and remote machine entries are
set correctly in struct dcinfo - we'll need this as a key
for a persistent schannel state later.
Jeremy.
(This used to be commit 47269b5c7161d740c2e86227de3acd9e08c53817)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
pulling back all recent rpc changes from trunk into
3.0. I've tested a compile and so don't think I've missed
any files. But if so, just mail me and I'll clean backup
in a couple of hours.
Changes include \winreg, \eventlog, \svcctl, and
general parse_misc.c updates.
I am planning on bracketing the event code with an
#ifdef ENABLE_EVENTLOG until I finish merging Marcin's
changes (very soon).
(This used to be commit 4e0ac63c36527cd8c52ef720cae17e84f67e7221)
|
|
segvs
(This used to be commit 25121547caaaed0d60f4db7458570c14e7d21b2a)
|
|
in the late 1990's may be more appropriate though.
(This used to be commit 4c881b7a9e40307710ec860375985dc2145f2dd8)
|
|
my (C) to a header file that was at least 50% mine :-).
Jeremy.
(This used to be commit 8ee6060977ec8e65082f3ad09e1e1ccf5b4672ed)
|
|
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
|
|
(This used to be commit b393469d9581f20e4d4c52633b952ee984cca36f)
|
|
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
|
|
#534
(This used to be commit 4e86243ea1d4bbe96720caaaf02300f5e15bee5a)
|
|
There is a workaround documented in the bug report.
This patch does:
* add server support for the LSA_DS UUID on the lsarpc pipe
* store a list of context_ids/api_structs in the pipe_struct
so that we don't have to lookup the function table for a pipe.
We just match the context_id. Note that a dce/rpc alter_context
does not destroy the previous context so it is possible to
have multiple bindings active on the same pipe. Observed from
standalone win2k sp4 client.
* added server code for DsROleGetPrimaryDOmainInfo() but disabled it
since it causes problems enumerating users and groups from a 2ksp4
domain member in a Samba domain.
(This used to be commit 96bc2abfcb0dd0912696fad76e43cb217b33e061)
|
|
(This used to be commit b0fd4e5555dd93c584cd86eaac080663b9e4031f)
|
|
Only compiled in when --enable-developer argument passed to configure.
(This used to be commit 017da9393bab276543d0d5c50df8c760780f2450)
|
