Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|
|
Guenther
(This used to be commit cfc6e7a2e657ee55364b739d9fe0093e4f7c8b27)
|
|
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
|
|
the maxeln parameter instead of sizeof(target_area) - 1 (or even
sizeof(fstring) - 1 in some places.
I hope these were really all there were.
Michael
(This used to be commit 9a28be220df622322857dfe102fa35e108f932dc)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Jeremy.
(This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
|
|
metze
(This used to be commit aa28bcc4669bf08f73815d00cd87c854d2ac1e92)
|
|
Guenther
(This used to be commit 27c35848ebc6d72fd4fccbb6597b63787230f80c)
|
|
(This used to be commit 964d95bce6bbaf985ed8cd50daee8216bc446a28)
|
|
for the enumeration loop (following msdn docs of that call).
Guenther
(This used to be commit 138a921f82a02991eed7ab7d958ec7ea78608684)
|
|
Guenther
(This used to be commit bd546edc482d42c6d783f474eeffa8a8086efd83)
|
|
Guenther
(This used to be commit 1a307954e5ddc1441524eb6d22258be387cca9d4)
|
|
* move OUR_HANDLE macro to include/rpc_misc.h
(This used to be commit 2b37079af2f569df7a58878150a61980c6fe06ee)
|
|
This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain. This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).
The precalculated blobs do not reveal the plaintext password.
Original patch by Alexey Kobozev <cobedump@gmail.com>
(This used to be commit 967292b7136c5100c0b9a2783c34b1948b16dad4)
|
|
(This used to be commit 555984ea772730a5752905f1130e0bf6ec48207f)
|
|
samr_query_domain_info(2) for consistency reasons.
Guenther
(This used to be commit 870495e2c8628deee0498e68cc1d93abfbc56da4)
|
|
Guenther
(This used to be commit 6ed7d7fa70e3f750f921192c0f75594d608875b7)
|
|
Guenther
(This used to be commit 0ae3fddf95a95ec8a2f4d52e1276c1721b33ddfd)
|
|
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
(This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
|
|
Guenther
(This used to be commit 290a581b7567eab82b18fbadae9aa2ab29e95069)
|
|
Guenther
(This used to be commit d27771ca1d046aa7fc0c15d410d9fe83da85428f)
|
|
Guenther
(This used to be commit f60eddc0a4dfe623e5f115533a62c03810fd5f38)
|
|
Implement 'net rpc shell account' -- An editor for account policies
nt_time_to_unix_abs changed its argument which to me seems wrong, and I could
not find a caller that depends on this. So I changed it. Applied some more
const in time.c.
Volker
(This used to be commit fc73690a7000d5a3f0f5ad34461c1f3a87edeac5)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
Guenther
(This used to be commit 0705fed566efdeab05d605dd239afe67ca5e9811)
|
|
Guenther
(This used to be commit a8bc4bc902075cfd009dc92674c4560a44a74277)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
|
|
MMC manage computer plugin.
(This used to be commit c43c1ec80cb52569ccabcdf95e4004386ecb29d6)
|
|
samr_remove_sid_from_foreign_domain.
(This used to be commit 8360695fc02dfb09aff92a434bf9d411e65c478c)
|
|
rejects
everything but 1000 here, so there's no point in exposing that to the caller.
Thanks,
Volker
(This used to be commit 03ec1bd9e54b065c0494bc57a3d78ac0ae28e234)
|
|
Thanks,
Volker
(This used to be commit 43dcf0f5cb5dc2dd37ab3cdc2905970d9cc50ba4)
|
|
(This used to be commit a24df21e66aeafb15e22f9ed4df7d9dded3e3b52)
|
|
more than
one pointer...
Volker
(This used to be commit f2f08b64a53f6efd3154ff2656ecacc86872a18c)
|
|
future
patches.
Pass down the pipe_idx down to all functions in cli_pipe where nt_pipe_fnum is
referenced. First step towards having multiple pipes on a cli_struct. The idea
is to not have a single nt_pipe_fnum but an array for the pipes we support.
Volker
(This used to be commit 93eab050201d4e55096a8820226749f001597b5d)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
(This used to be commit 2cbcc07b7b1b78b1bed95bfd8b8fc34016553201)
|
|
delete'.
Volker
(This used to be commit ec321674961cc62c048b149ee19b6e36325c8eb3)
|
|
Volker
(This used to be commit e597420421e085b17dcdc062c5900518d0d4e685)
|
|
group_info4 in set_dom_group_info also has the level in the record
itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can
still create a domain group on a samba machine.
Volker
(This used to be commit 76c75bb8a7ad2a2e719dbbe997abf8aefe2fbbb4)
|
|
As well as avoiding DOS charset issues, this scheme returns useful error
codes, that we can map back via the pam interface.
This patch also cleans up the interfaces used for password buffers, to
avoid duplication of code.
Andrew Bartlett
(This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
|
|
This means that we now support 'net rpc join' with KRB5 (des based)
logins. Now, you need to hack 'net' to do that, but the principal is
important...
When we add kerberos to 'net rpc', it should be possible to still do
user management and the like over RPC.
(server-side support to follow shortly)
Andrew Bartlett
(This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
|
|
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
|
|
Volker
(This used to be commit ccdcd88732c99497fc563379df7837c35eba72be)
|
|
(This used to be commit e1fac713e25692a5790c3261ba323732930f5249)
|
|
Volker
(This used to be commit e5664adc07307a066c5312d9224cef2c69a40f77)
|
|
called. This is *essential* (and should be done on all the other cli_XX
rpc calls) to help debug winbindd problems remotely.
Jeremy.
(This used to be commit bc215612cb7c1abc7fb78eda4016ba9e64cdc785)
|
|
Andrew Bartlett
(This used to be commit 97bc047434284527f25e130a72981da704ed1212)
|
|
- return NT_STATUS_NO_MEMORY instead of NT_STATUS_UNSUCESSFUL if a
talloc fails
- don't try and tallocate memory when the number of entries returned was
zero
- rename some cut&pasted variable names in enum domain aliases function
(This used to be commit aa748e1da543f0e59df8a56996ebd9510732507e)
|