Age | Commit message (Collapse) | Author | Files | Lines |
|
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8
netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate
flags everywhere (not only when running in security=ads). Only for NT4 we need
to do a downgrade to the returned negotiate flags.
Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6.
Guenther
(This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
|
|
(This used to be commit 3fc85d22590550f0539215d020e4411bf5b14363)
|
|
(This used to be commit 376de8a0e4194e186b460911e3319b0f4448203e)
|
|
hand-written ones.
Guenther
(This used to be commit d5ebfccebb1f1b56b45673a506fcdb414103c43b)
|
|
Interop fixes for AD specific flags. Original patch from Todd Stetcher.
(This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f)
|
|
Michael
(This used to be commit 6a7f2a59fc370e226ddacb195059155f28c6c157)
|
|
This removes one forgotten call of cli_rpc_pipe_close(netlogon_pipe).
Correction of e77c4022cfbb868e608edcb06b676658b0e201ad.
Michael
(This used to be commit 7f6593cddef048dd05140b05d306c708d8134f0e)
|
|
Refactor the actual retrieval of the session key through the
established netlogon pipe out of get_schannel_session_key()
and get_schannel_session_key_auth_ntlmssp() into a new
function get_schannel_session_key_common().
(To avoid code duplication.)
Michael
(This used to be commit e77c4022cfbb868e608edcb06b676658b0e201ad)
|
|
Michael
(This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
|
|
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
(This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
|
|
them with malloc'ing accessor functions. Should save a
lot of static space :-).
Jeremy.
(This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
|
|
Make us very explicit about how long a talloc ctx
should last.
Jeremy.
(This used to be commit ba9e2be2b5a59684e854609f9d82ea1633448c62)
|
|
Jeremy.
(This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
|
|
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>.
(This used to be commit 8304ccba7346597425307e260e88647e49081f68)
|
|
(This used to be commit 918aad0d8b4b0c2caa8830726a17d3ad4d19f72a)
|
|
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
|
|
not specific for NTLMSSP
- it's possible that the server sends a mechOID and authdata
if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still
force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE
metze
(This used to be commit e9f2aa22f90208a5e530ef3b68664151960a0a22)
|
|
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
|
|
Jeremy, I'm afraid you removed the "domain->initialized" from the
set_dc_types_and_flags() call when the connect to PI_LSARPC_DS failed
(with rev. 19148).
This causes now that init_dc_connection_network is called again and
again which in turn rescans the DC each time (which of course fails each
time with NT_STATUS_BUFFER_TOO_SMALL). Just continue with the
non-PI_LSARPC_DS scan so that the domain is initialized properly.
Guenther
(This used to be commit c6f63a08f55a4121cbe5aac537d2ef983dc25a97)
|
|
For the winbind cached ADS LDAP connection handling
(ads_cached_connection()) we were (incorrectly) assuming that the
service ticket lifetime equaled the tgt lifetime. For setups where the
service ticket just lives 10 minutes, we were leaving hundreds of LDAP
connections in CLOSE_WAIT state, until we fail to service entirely with
"Too many open files".
Also sequence_number() in winbindd_ads.c needs to delete the cached LDAP
connection after the ads_do_search_retry() has failed to submit the
search request (although the bind succeeded (returning an expired
service ticket that we cannot delete from the memory cred cache - this
will get fixed later)).
Guenther
(This used to be commit 7e1a84b7226fb8dcd5d34c64a3478a6d886a9a91)
|
|
in smb.conf. This did work before the join rewrite.
Samba will have problems if you try to run any of the daemons
with an incorrect workgroup but it should not fail to join.
The summary is that a member server should always use it's
own machine name when setting up schannel since that is
the only account it has. Thanks to Volker for the discussion.
(This used to be commit 95763b94f709fe1ad9e381dbc6b364c2f3759024)
|
|
cli_rpc_pipe_open_krb5.
Guenther
(This used to be commit fa19099112490daa085bb310f2f4ed877bb22b40)
|
|
With this change (and setting lanman auth = no in smb.conf)
we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth.
Jeremy
(This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
|
|
Might need to rework prs_dcerpc_status().
Guenther
(This used to be commit 38b18f428ba941f4d9a14fa2de45cb0cd793a754)
|
|
kerberos_kinit_password_ext provides access to more options.
Guenther
(This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
|
|
(This used to be commit e49ca3af8c2522aee670e6b807d7b3df31be47f6)
|
|
* Fix inverted logic check for machine accounts in get_md4pw()
(This used to be commit a36529535dcb5a262e7627b80fb62a31240dc8ad)
|
|
trigger coverity checks by testing for NULL.
Jeremy.
(This used to be commit 6b4484159293d725613249adbfa01472dea1c722)
|
|
from jason@ncac.gwu.edu.
Jeremy.
(This used to be commit 00f8b4e1aa44904c91af8eb6ac4c3f196986c339)
|
|
not to, cope with a server that doesn't offer schannel also.
Jeremy
(This used to be commit 68005f6bdb70883eace0d9067c76c3360a803023)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
and followed up by derrell@samba.org.
Jeremy.
(This used to be commit 5cab88f1444177129bb5521ccc4afd8869e9bf25)
|
|
check in the DEBUG message referenced in the previous commit
(This used to be commit 6c04a8f9adfcd40fb0f1e1fcd4e22056ee463046)
|
|
1. Fix a crash bug which should have reared its ugly head ages ago, but for
some reason, remained dormant until recently. The bug pertained to
libsmbclient doing a structure assignment of a cli after having opened a
pipe. The pipe open code makes a copy of the cli pointer that was passed
to it. If the cli is later copied (and that cli pointer that was saved
is no longer valid), the pipe code will cause a crash during shutdown or
when the copied cli is closed.
2. The 'type' field in enumerated shares was not being set correctly with
the new RPC-based mechanism for enumerating shares.
(This used to be commit 62a02b8f2a1fcb66881a9c9636e0b27e3049c5a1)
|
|
and client_name when doing netlogon credential setup.
Jeremy.
(This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
|
|
a/c we were asking for.
Jeremy.
(This used to be commit 3ba5d02cff61d64dbab1fef28f74ea6509f4f8e9)
|
|
x86_64 box.
Jeremy.
(This used to be commit d720867a788c735e56d53d63265255830ec21208)
|
|
Jeremy.
(This used to be commit 92fa541f6e92c03a49372ff73f9790afa2c0151c)
|
|
Jeremy.
(This used to be commit 76408ddd5bec22bbbee2236101bf65b407d2c664)
|
|
Jeremy.
(This used to be commit ed62720f897ebf10f5ae50a3e9cf7788c9570183)
|
|
[in] parameters.
(This used to be commit 03a3caaddd5bf28a059d4edb5e55031f7e5de94a)
|
|
Jeremy.
(This used to be commit bb1ba9a9089b38bf400d48b992f7977ce926aeaf)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
Jeremy.
(This used to be commit fd6e342746edfda2f25df1ae0067d359b756e0cd)
|
|
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
|
|
tested this so I may have screwed this up - however it now follows the
DCE spec. valgrinded tests to follow....
Jeremy.
(This used to be commit 877e0a61f5821c89149b1403d08675dd7db8039e)
|