Age | Commit message (Collapse) | Author | Files | Lines |
|
Guenther
(This used to be commit 0ae3fddf95a95ec8a2f4d52e1276c1721b33ddfd)
|
|
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
(This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
|
|
Guenther
(This used to be commit 290a581b7567eab82b18fbadae9aa2ab29e95069)
|
|
Guenther
(This used to be commit d27771ca1d046aa7fc0c15d410d9fe83da85428f)
|
|
Guenther
(This used to be commit f60eddc0a4dfe623e5f115533a62c03810fd5f38)
|
|
Implement 'net rpc shell account' -- An editor for account policies
nt_time_to_unix_abs changed its argument which to me seems wrong, and I could
not find a caller that depends on this. So I changed it. Applied some more
const in time.c.
Volker
(This used to be commit fc73690a7000d5a3f0f5ad34461c1f3a87edeac5)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
Guenther
(This used to be commit 0705fed566efdeab05d605dd239afe67ca5e9811)
|
|
Guenther
(This used to be commit a8bc4bc902075cfd009dc92674c4560a44a74277)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
|
|
MMC manage computer plugin.
(This used to be commit c43c1ec80cb52569ccabcdf95e4004386ecb29d6)
|
|
samr_remove_sid_from_foreign_domain.
(This used to be commit 8360695fc02dfb09aff92a434bf9d411e65c478c)
|
|
rejects
everything but 1000 here, so there's no point in exposing that to the caller.
Thanks,
Volker
(This used to be commit 03ec1bd9e54b065c0494bc57a3d78ac0ae28e234)
|
|
Thanks,
Volker
(This used to be commit 43dcf0f5cb5dc2dd37ab3cdc2905970d9cc50ba4)
|
|
(This used to be commit a24df21e66aeafb15e22f9ed4df7d9dded3e3b52)
|
|
more than
one pointer...
Volker
(This used to be commit f2f08b64a53f6efd3154ff2656ecacc86872a18c)
|
|
future
patches.
Pass down the pipe_idx down to all functions in cli_pipe where nt_pipe_fnum is
referenced. First step towards having multiple pipes on a cli_struct. The idea
is to not have a single nt_pipe_fnum but an array for the pipes we support.
Volker
(This used to be commit 93eab050201d4e55096a8820226749f001597b5d)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
(This used to be commit 2cbcc07b7b1b78b1bed95bfd8b8fc34016553201)
|
|
delete'.
Volker
(This used to be commit ec321674961cc62c048b149ee19b6e36325c8eb3)
|
|
Volker
(This used to be commit e597420421e085b17dcdc062c5900518d0d4e685)
|
|
group_info4 in set_dom_group_info also has the level in the record
itself. This seems not to be an align. Tested with NT4 usrmgr.exe. It can
still create a domain group on a samba machine.
Volker
(This used to be commit 76c75bb8a7ad2a2e719dbbe997abf8aefe2fbbb4)
|
|
As well as avoiding DOS charset issues, this scheme returns useful error
codes, that we can map back via the pam interface.
This patch also cleans up the interfaces used for password buffers, to
avoid duplication of code.
Andrew Bartlett
(This used to be commit 2a2b1f0c872d154fbcce71a250e23dfad085ba1e)
|
|
This means that we now support 'net rpc join' with KRB5 (des based)
logins. Now, you need to hack 'net' to do that, but the principal is
important...
When we add kerberos to 'net rpc', it should be possible to still do
user management and the like over RPC.
(server-side support to follow shortly)
Andrew Bartlett
(This used to be commit 9ecf9408d98639186b283f1acf0fac46417547d0)
|
|
- NTLM2 support in the server
- KEY_EXCH support in the server
- variable length session keys.
In detail:
- NTLM2 is an extension of NTLMv1, that is compatible with existing
domain controllers (unlike NTLMv2, which requires a DC upgrade).
* This is known as 'NTLMv2 session security' *
(This is not yet implemented on the RPC pipes however, so there may
well still be issues for PDC setups, particuarly around password
changes. We do not fully understand the sign/seal implications of
NTLM2 on RPC pipes.)
This requires modifications to our authentication subsystem, as we
must handle the 'challege' input into the challenge-response algorithm
being changed. This also needs to be turned off for
'security=server', which does not support this.
- KEY_EXCH is another 'security' mechanism, whereby the session key
actually used by the server is sent by the client, rather than being
the shared-secret directly or indirectly.
- As both these methods change the session key, the auth subsystem
needed to be changed, to 'override' session keys provided by the
backend.
- There has also been a major overhaul of the NTLMSSP subsystem, to merge the 'client' and 'server' functions, so they both operate on a single structure. This should help the SPNEGO implementation.
- The 'names blob' in NTLMSSP is always in unicode - never in ascii.
Don't make an ascii version ever.
- The other big change is to allow variable length session keys. We
have always assumed that session keys are 16 bytes long - and padded
to this length if shorter. However, Kerberos session keys are 8 bytes
long, when the krb5 login uses DES.
* This fix allows SMB signging on machines not yet running MIT KRB5 1.3.1. *
- Add better DEBUG() messages to ntlm_auth, warning administrators of
misconfigurations that prevent access to the privileged pipe. This
should help reduce some of the 'it just doesn't work' issues.
- Fix data_blob_talloc() to behave the same way data_blob() does when
passed a NULL data pointer. (just allocate)
REMEMBER to make clean after this commit - I have changed plenty of data structures...
(This used to be commit f3bbc87b0dac63426cda6fac7a295d3aad810ecc)
|
|
Volker
(This used to be commit ccdcd88732c99497fc563379df7837c35eba72be)
|
|
(This used to be commit e1fac713e25692a5790c3261ba323732930f5249)
|
|
Volker
(This used to be commit e5664adc07307a066c5312d9224cef2c69a40f77)
|
|
called. This is *essential* (and should be done on all the other cli_XX
rpc calls) to help debug winbindd problems remotely.
Jeremy.
(This used to be commit bc215612cb7c1abc7fb78eda4016ba9e64cdc785)
|
|
Andrew Bartlett
(This used to be commit 97bc047434284527f25e130a72981da704ed1212)
|
|
- return NT_STATUS_NO_MEMORY instead of NT_STATUS_UNSUCESSFUL if a
talloc fails
- don't try and tallocate memory when the number of entries returned was
zero
- rename some cut&pasted variable names in enum domain aliases function
(This used to be commit aa748e1da543f0e59df8a56996ebd9510732507e)
|
|
(This used to be commit f200a5b85832ac5ec7724d58da7270cd14c565e3)
|
|
(This used to be commit 5b1807dddf0e4fb9fcaedcfe6f67dfd78fe117bb)
|
|
(This used to be commit c2e9673328b2d989f13626632442f095727a03c6)
|
|
from HEAD. I had to do this for him as he was *so* tired, the poor
chap, plus he has this bad leg, plus the dog ate his homework etc. etc.
Jeremy.
(This used to be commit 1e752b48a12cdcf2cb6343705be83f304e5ee2b6)
|
|
(This used to be commit ea2154b2692f76a3f0d597ddc154ecbbef72de60)
|
|
(This used to be commit 3823a2ff5a3c6edf325e2ac31bab50175420f0b1)
|
|
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
|
|
(This used to be commit 1f007d3ed41c1b71a89fa6be7d173e67e927c302)
|
|
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
(This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
|
|
and also completes the switch to lang_tdb.c. SWAT should now work
with a po file in the lib/ directory
also removed useless SYSLOG defines in many files
(This used to be commit 5296b20ad85d7519c870768455cb4d8df048c55a)
|
|
(This used to be commit 2d0922b0eabfdc0aaf1d0797482fef47ed7fde8e)
|
|
RPC code to merge with new passdb code.
Currently rpcclient doesn't compile. I'm working on it...
Jeremy.
(This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
|
|
We were reading the endainness in the RPC header and then never propagating
it to the internal parse_structs used to parse the data.
Also removed the "align" argument to prs_init as it was *always* set to
4, and if needed can be set differently on a case by case basis.
Now ready for AS/U testing when Herb gets it set up :-).
Jeremy.
(This used to be commit 0cd37c831d79a12a10e479bf4fa89ffe64c1292a)
|
|
authenticate against them. Big/little endian issues fixed.
Jeremy.
(This used to be commit 0e6a34510ed598eaec7fe71a9c91fda528a4675c)
|
|
cleanup of create_user
cleanup of rid/sid mix in samr. now we only have sid.
some prs_align() missing in parse_samr.c
a small debug change in srv_pipe.c
You still can't change a user's password in this commit.
Will be availble in the next one.
J.F.
(This used to be commit b655bc281fa183b1827a946ada1fcf500fb93aea)
|
|
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.
The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.
A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.
This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().
This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.
The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.
Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.
Jeremy.
(This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
|
|
head/tng merge.
It goes something like this:
- headers from tng get copied over one at a time
- the old headers get renamed to *_old.h
- server side code that used the old headers gets a
#define OLD_NTDOMAIN 1
#undef OLD_NTDOMAIN
at the start and end of the code
- mkproto.awk recognises these special defines and does magic stuff so
that each .c file sees the right headers
- we start moving the rpc client libraries from tng to head.
if this goes OK then, in theory, we should be able to move the client
side rpc code from tng to head without disturbing the existing head
server side code. Then when that works we can consider merging the
server side.
it remains to be seen if this scheme will work. So far I've moved
rpc_samr.h and don't seem to have broken anything.
Note this this is still a very delicate operation, as at every step of
the way I want to keep head fully functional. Please don't take part
unless you discuss it with me first.
(This used to be commit f76c037255a6a79d11bec65e863e009a41a4f0fd)
|
|
(This used to be commit d7cd7c88fdabb01d9e40ae8a657737907a21ac37)
|