Age | Commit message (Collapse) | Author | Files | Lines |
|
- NTLM2 fixes, don't force NTLM2
- Don't use NTLM2 for RPC, it doesn't work yet
- Add comments to winbindd_pam.c
- Merge 64 bit fixes and better debug messages in winbindd.c
Andrew Bartlett
(This used to be commit ba94e4a1ab6dc3335bbb29686ca6795d0ffad5b0)
|
|
check_bind_response()
(This used to be commit 84f0e97e5882375b765b818e89a6d96736cd5932)
|
|
Changes all over the shop, but all towards:
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to
merge the 'client' and 'server' functions, so they both operate on a
single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of
data structures...
Andrew Bartlett
(This used to be commit 57a895aaabacc0c9147344d097d333793b77c947)
|
|
This fixes a bug when establishing trust against a german W2k3 AD server. In
the bind response to WKSSVC it does not send \PIPE\ntsvcs as NT4 (did not
check w2k) but \PIPE\wkssvc. I'm not sure whether we should make this check at
all, so making it a bit more liberal should hopefully not really hurt.
Volker
(This used to be commit dbd17dd0366d6cd20a2d5d8247dd5842563da2ca)
|
|
clientspreviously joined to the Samba domain
(This used to be commit 9d2e585e5e6f9066c6901aa8d8308734f8667296)
|
|
(This used to be commit c17a7dc9a190156a069da3e861c18fd3f81224ad)
|
|
(This used to be commit 3101c236b8241dc0183995ffceed551876427de4)
|
|
prior to this merge, checkout HEAD_PRE_3_0_0_BETA_3_MERGE
(This used to be commit adb98e7b7cd0f025b52c570e4034eebf4047b1ad)
|
|
(This used to be commit dd063a298f9d5244d7b79c029c563b4d966019c1)
|
|
Jeremy.
(This used to be commit 30512b7d3ea3470e4aca08638a5c0ea14791a6e7)
|
|
multi-PDU encode/decode with SCHANNEL. Also need to test against WNT DC.
Jeremy.
(This used to be commit ec82e8e9f4a6bf807a91ac265af39a516c7ab631)
|
|
(This used to be commit 27a608d6a337e772dce114d73e45f6d0bf3148b4)
|
|
rpcclient -S pdc -U% -c "samlogon user password"
and it should work with the schannel. Needs testing platforms
different from NT4SP6.
Volker
(This used to be commit ecd0ee4d248e750168597ccf79c389513bb0f740)
|
|
Removed a dead function.
(This used to be commit a1c790b5ea8de120a1d8710ac190955aea28246f)
|
|
(This used to be commit 056bdfbce73bbd7ddaa198d18e596b94b2224d3d)
|
|
This patch makes Samba compile cleanly with -Wwrite-strings.
- That is, all string literals are marked as 'const'. These strings are
always read only, this just marks them as such for passing to other functions.
What is most supprising is that I didn't need to change more than a few lines of code (all
in 'net', which got a small cleanup of net.h and extern variables). The rest
is just adding a lot of 'const'.
As far as I can tell, I have not added any new warnings - apart from making all
of tdbutil.c's function const (so they warn for adding that const string to
struct).
Andrew Bartlett
(This used to be commit 92a777d0eaa4fb3a1c7835816f93c6bdd456816d)
|
|
which we can use to link against Samba unit test programs. Now we can
compile and link unit tests without having to create 4MB executables
for each program
It's called libbigballofmud.so both to discourage casual usage and
also to reflect what the dependencies within Samba have become.
(This used to be commit fdce4be719d7a81f25a4bae05934a5590038ec47)
|
|
dashes of const. This is a rather large check-in, some things may break.
It does compile though :-).
Jeremy.
(This used to be commit 82b8f749a36b42e22186297482aad2abb04fab8a)
|
|
(This used to be commit 1fd6d34526e577b8a5463e3abcfb8fc3682e6473)
|
|
(This used to be commit d423e6424bc3c61281ad30cd1c66540b522b5d3e)
|
|
(This used to be commit 62ab0f8cbe7c517084383bdc9a8c97404ad27147)
|
|
generates some errors we haven't seen before which are inappropriately
logged at level 0.
(This used to be commit bd64de3716ffa9c3ebec282aa5cc0f773d3d8096)
|
|
of range instead of silently failing.
(This used to be commit b5111f47b5cf1820550e17663f983674b67bcaff)
|
|
* s/driverlocation/comment
* detect native mode domain and enumerate local groups
Also
* Added sendfile stats from SAMBA_2_2
(This used to be commit 764b58e2c0b3179cffe157c0ab58761b156b8423)
|
|
(This used to be commit dd948a302ad6bd4307ecdfb10510e12185150eae)
|
|
(This used to be commit f70caa25e4ee198151b915cf2bc0a26b2d0e243d)
|
|
from APP_HEAD
(This used to be commit 38c9e4299845fd77cc8629945ce2d259489f7437)
|
|
send us. As it stands, we incorrectly set it to the number of bytes we are
sending. Correcting this by setting a static value of 1024 (This could even be
something larger). Improves RPC client performance.
(This used to be commit b0bd42c9466f41dc87a11fd6065620f93c8ebc40)
|
|
(This used to be commit 897e64d2e0c1d04ab93441ccaffe369bf43be46e)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
buffer up to the current position, and use this to dump pipe buffers
just before parsing.
(This used to be commit 92a3ab274e6cf09a8ba39b91f8bbacba6de40b37)
|
|
(This used to be commit 93fadcd1118b390605d2504bee63a1e8b6373ac5)
|
|
so that we can print it in later debug messages.
Call prs_dump to dump out requests sent by the client at sufficiently
high debug levels.
(This used to be commit 9973b22b34dc2a88a20b821d4e69f39d2a6aa6a3)
|
|
Got "medieval on our ass" about const warnings (as many as I could :-).
Jeremy.
(This used to be commit ee5e7ca547eff016818ba5c43b8ea0c9fa69b808)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
(This used to be commit 549fe42bd48b3418e63ba4872bc5992dae46d514)
|
|
(This used to be commit b196a52483a6e4ac1e4c311ff43d3c07fca031df)
|
|
(This used to be commit 688da3c41dd944f7f69083518d25e9edbc55406f)
|
|
Jeremy.
(This used to be commit 2999eab5abe86bf08e693800c01ad544f04e4d6c)
|
|
for and ignore ERRmoredata errors as the client library doesn't support
32-bit error messages.
Added some annotations for the RPC pipe code to make it a bit clearer
maybe.
(This used to be commit f179e0ff61794073aedcf77544865ad2f18c6e6d)
|
|
(This used to be commit b49c4cd441717b0edf4ad3da0edddca474a08748)
|
|
on different pipes. This seriously confuses NT. Unfortunately HEAD
branch is limited to one rpc pipe per connection as the fnum is stored
inside the cli_state structure. It should really be broken out into
it's own structure so multiple pipes can be opened on one TCP/IP socket.
What a good idea! But look over here! I've already done it in another
workarea but it will require a day or two to refactor some of the internal
samba rpc client stuff (i.e netlogon requests) so it will remain uncommitted
for another while.
(This used to be commit 657804f3be2b621c8ee15bdb905879e208f9ca2f)
|
|
We were reading the endainness in the RPC header and then never propagating
it to the internal parse_structs used to parse the data.
Also removed the "align" argument to prs_init as it was *always* set to
4, and if needed can be set differently on a case by case basis.
Now ready for AS/U testing when Herb gets it set up :-).
Jeremy.
(This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
|
|
(This used to be commit ba3ce3404e1cd2e9da3ba1708f6fc8a12c085ef2)
|
|
(This used to be commit c9e4dea1cbcf6aa748f5cb10f226345dd2f1adbf)
|
|
(This used to be commit a2d07994e0376a8d530d262573c96710bdff2236)
|
|
NT_STATUS_XXX).
Removed IS_BITS_xxx macros as they were just reproducing "C" syntax in a more
obscure way.
Jeremy.
(This used to be commit c55bcec817f47d6162466b193d533c877194124a)
|
|
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.
The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.
A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.
This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().
This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.
The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.
Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.
Jeremy.
(This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
|
|
(This used to be commit dea06ad7a554089a7394cdcb6bf5a766e8e8a6c3)
|
|
currently as I have to do something about the policy handle caching
issues.
--jerry
(This used to be commit 233b074f490b3b01f3a462284aa8117536df0082)
|