Age | Commit message (Collapse) | Author | Files | Lines |
|
makes fixes much easier to port. Fix the size of dc->sess_key to
be 16 bytes, not 8 bytes - only store 8 bytes in the inter-smbd
store in secrets.tdb though. Should fix some uses of the dc->sess_key
where we where assuming we could read 16 bytes.
Jeremy.
(This used to be commit 5b3c2e63c73fee8949108abe19ac7a448a033a7f)
|
|
Fix that, and also add in comments for all possible CL and CO PDU
types. Make sure we process them correctly.
Jeremy.
(This used to be commit 672113a627aa9060795871bc2ea3a02e696d7d7d)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
Jeremy.
(This used to be commit fd6e342746edfda2f25df1ae0067d359b756e0cd)
|
|
as a uint32 - you'll just get it wrong (as I did :-).
Second attempt to fix the Apple client issues.
Jeremy.
(This used to be commit d2aa5bc7aaa9fe11fa4748f99e4ba49be08aa639)
|
|
tested this so I may have screwed this up - however it now follows the
DCE spec. valgrinded tests to follow....
Jeremy.
(This used to be commit 877e0a61f5821c89149b1403d08675dd7db8039e)
|
|
for setting up an schannel connection. This solves the problem
of a Samba DC running winbind, trusting a native mode AD domain,
and needing to enumerate AD users via wbinfo -u.
(This used to be commit e9f109d1b38e0b0adec9b7e9a907f90a79d297ea)
|
|
support 128 bit encryption
(This used to be commit 316ba5ad89ddfa445d44d28141c5901fc64aec90)
|
|
(This used to be commit 911a28361b9d8dd50597627f245ebfb57c6294fb)
|
|
clientspreviously joined to the Samba domain
(This used to be commit 3802f5895ee18507c6f467bd11db0b1147a6fdfd)
|
|
There is a workaround documented in the bug report.
This patch does:
* add server support for the LSA_DS UUID on the lsarpc pipe
* store a list of context_ids/api_structs in the pipe_struct
so that we don't have to lookup the function table for a pipe.
We just match the context_id. Note that a dce/rpc alter_context
does not destroy the previous context so it is possible to
have multiple bindings active on the same pipe. Observed from
standalone win2k sp4 client.
* added server code for DsROleGetPrimaryDOmainInfo() but disabled it
since it causes problems enumerating users and groups from a 2ksp4
domain member in a Samba domain.
(This used to be commit 96bc2abfcb0dd0912696fad76e43cb217b33e061)
|
|
Jeremy.
(This used to be commit 68590b9e2266cf76b46a68cca0acaa47733811fe)
|
|
the schannel code, but I've included that anyway. :-)
This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code. The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.
The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets. (Still not yet functional)
This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c. In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection. (Previously we were limited to sealing,
and could only use the LM-password derived key).
Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation. A future step is to replace
it with calls to the same NTLMSSP library.
Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier. While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow. I have also
included similar hooks in rpccleint to allow the use of schannel on *any* pipe.
rpcclient now defaults to not using schannel (or any other extra per-pipe
authenticiation) for any connection. The 'schannel' command enables schannel
for all pipes until disabled.
This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.
(The same needs to be done to our server)
Andrew Bartlett
(This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
|
|
multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC.
Jeremy.
(This used to be commit ff66d4097088409205b6bad5124a78ef9946010d)
|
|
Volker
(This used to be commit 36362c602ba03ae5e89956b16820d5dff580bee7)
|
|
No more XP requiresignorseal anymore!
Thanks again to Luke :-)
Volker
(This used to be commit 6b2b55901d66cab0c0c0c90bd0585c870be6e468)
|
|
*sync up configure.in
*don't build torture tools in make all
*make sure to remove torture tools as part of make clean
(This used to be commit 0fb724b3216eeeb97e61ff12755ca3a31bcad6ef)
|
|
warnings. (Adds a lot of const).
Andrew Bartlett
(This used to be commit 3a7458f9472432ef12c43008414925fd1ce8ea0c)
|
|
(This used to be commit 028477e35208e76fedbc7c743426fd9be94b7cf0)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
(This used to be commit 1d36250e338ae0ff9fbbf86019809205dd97d05e)
|
|
functions work now:
- spoolenum
- spoolopen
- spoolgetprinter
- spoolgetprinterdriver
Items todo:
- track down memory bug with spoolenumdata
- fix spoolgetprinterdriverdir
- fix spoolgetdata
- fix display_job_info_ctr in spooljobs
All part of the ongoing rpcclient work.
Also included a new generic list ADT. Cleaner and simplier
than the stuff in util_array.c i think (but then that's why I wrote it).
--jerry
(This used to be commit 381aba2c9a63faa53728f0520ac316478bc7a1c3)
|
|
unknown rpc calls. Win2k now correctly shows the owners of files.
Jeremy.
(This used to be commit 066898689f496dc655c3f0a553ac5e884e078022)
|
|
J.F.
(This used to be commit 853a1a3027dde7608027dc78f6e15789d5fc9152)
|
|
(This used to be commit 453a822a76780063dff23526c35408866d0c0154)
|
|
- disabled (AGAIN) the GETDC "if (MAILSLOT\NTLOGON)" code that will get
NT5rc2 to work but WILL break win95 (AGAIN). this needs _not_ to be
re-enabled but to be replaced with a better mechanism.
- added SMBwrite support (note: SMBwriteX already existed) as NT5rc2 is
sending DCE/RPC over SMBwrite not SMBwriteX.
(This used to be commit 25c70e3c984c4fed19763ed405741e83fe14f87e)
|
|
another RPC authentication system.
(This used to be commit 1a211bafebad8c63d98b5ef275a6272013527c65)
|
|
(This used to be commit ab1a6aa42db5217f025941fb5107436556bc23b7)
|
|
(This used to be commit 0ddc301b690abfa5fafbf2eb9a65fefc1ef58afb)
|
|
include/ntdomain.h : added rpc_spoolss.h include statement
include/proto.h
include/rpc_dce.h : added definition of RPC_ALTER_CONTEXT request &
reply
param/loadparm.c : 2 new options for NT printing support and some
changes to initial values in the LPRNG case.
rpc_parse/parse_prs.c : added prs_uint16s()
rpc_parse/parse_rpc.c : added SYNT_SPOOLSS_V1 and code for the
alter-context support.
rpc_server/srv_pipe.c : alter-context support
smbd/nttrans.c
smbd/server.c
include/rpc_misc.h
Makefile.in
include/smb.h
Jean Francois
(This used to be commit 4c515804b70254248e378a3f90f47e4c32639d29)
|
|
(This used to be commit 36fcb4a6e643a05d06a2a273d74318fee7f2c647)
|
|
(This used to be commit 69f5f9f88935de1f63ffc9aa19c0629b395e66e6)
|
|
(This used to be commit 62fdeef1b79c5c4c9bf0e860881651711bb80b9a)
|
|
Luke, I fixed this yesterday as well! grumble.
(This used to be commit da5234faa0373f5b913a135b2557f2ca9e30111c)
|
|
(This used to be commit 6677b888bdb45df00646eb7cc13005b9465ff971)
|
|
(This used to be commit 34afa638f6f7bb145ec094510ac58f7a22dfc3aa)
|
|
(This used to be commit c1d2d4e27125cbd463f520d1109e7c7988b58222)
|
|
(This used to be commit eb279cabd059603b6c8d9b74e4fd31c4ffe87593)
|
|
ipc.c: Added Luke's debug statement.
locking_slow.c: Added FTRUNCATE_NEEDS_ROOT code for broken systems that
need it (not sure what these are yet).
membuffer.c ntdomain.h proto.h
lib/rpc/include/rpc_dce.h lib/rpc/include/rpc_srvsvc.h
lib/rpc/parse/parse_prs.c lib/rpc/parse/parse_rpc.c
lib/rpc/server/srv_pipe_hnd.c lib/rpc/server/srv_util.c:
Re-merge of Luke's NTDOM changes 'cos he's a lazy git with
carpel tunnel syndrome :-).
Jeremy.
(This used to be commit 52e3966fbcf7b5fbdbc7cbe9ac0b453ab5bf3217)
|
|
all I saw" - the book of Jeremy, chapter 1 :-).
So here is the mega-merge of the NTDOM branch server code.
It doesn't include the new client side pieces, we'll look
at that later.
This should give the same functionality, server wise, as
the NTDOM branch does, only merged into the main branch.
Any fixes to domain controler functionality should be
added to the main branch, not the NTDOM branch.
This code compiles without warnings on gcc2.8, but will
need further testing before we are sure all the working
functionality of the NTDOM server branch has been
correctly carried over.
I hereby declare the server side of the NTDOM branch
dead (and all who sail in her :-).
Jeremy.
(This used to be commit 118ba4d77a33248e762a2cf843fb7cbc906ee6e7)
|