Age | Commit message (Collapse) | Author | Files | Lines |
|
This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain. This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).
The precalculated blobs do not reveal the plaintext password.
Original patch by Alexey Kobozev <cobedump@gmail.com>
(This used to be commit 967292b7136c5100c0b9a2783c34b1948b16dad4)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
by converting the lookup_XX functions to correctly
return SID_NAME_TYPE enums.
Jeremy.
(This used to be commit ee2b2d96b60c668e37592c79e86c2fd851e15f69)
|
|
(This used to be commit 555984ea772730a5752905f1130e0bf6ec48207f)
|
|
in smb.conf. This did work before the join rewrite.
Samba will have problems if you try to run any of the daemons
with an incorrect workgroup but it should not fail to join.
The summary is that a member server should always use it's
own machine name when setting up schannel since that is
the only account it has. Thanks to Volker for the discussion.
(This used to be commit 95763b94f709fe1ad9e381dbc6b364c2f3759024)
|
|
cli_rpc_pipe_open_krb5.
Guenther
(This used to be commit fa19099112490daa085bb310f2f4ed877bb22b40)
|
|
samr_query_domain_info(2) for consistency reasons.
Guenther
(This used to be commit 870495e2c8628deee0498e68cc1d93abfbc56da4)
|
|
Guenther
(This used to be commit 6ed7d7fa70e3f750f921192c0f75594d608875b7)
|
|
With this change (and setting lanman auth = no in smb.conf)
we have *identical* NTLMSSP flags to W2K3 in SPNEGO auth.
Jeremy
(This used to be commit 93ca3eee55297eb7fdd38fca38103ce129987e2a)
|
|
servers. Also add a new "net rpc audit" tool. The lsa query infolevels
were taken from samb4 IDL, the lsa policy flags and categories are
partly documented on msdn. I need to cleanup the double
lsa_query_info_policy{2}{_new} calls next.
Guenther
(This used to be commit 0fed66926f4b72444abfc8ffb8c46cca8d0600aa)
|
|
Jeremy.
(This used to be commit f88f2d93686ba6bd317b7bc935888e75b7999c83)
|
|
Jeremy.
(This used to be commit c2636c10262e8045f701143dee22b10b2d0c0344)
|
|
Might need to rework prs_dcerpc_status().
Guenther
(This used to be commit 38b18f428ba941f4d9a14fa2de45cb0cd793a754)
|
|
kerberos_kinit_password_ext provides access to more options.
Guenther
(This used to be commit afc519530f94b420b305fc28f83c16db671d0d7f)
|
|
(This used to be commit e49ca3af8c2522aee670e6b807d7b3df31be47f6)
|
|
* Fix inverted logic check for machine accounts in get_md4pw()
(This used to be commit a36529535dcb5a262e7627b80fb62a31240dc8ad)
|
|
Fix Coverity bug # 142.
Volker
(This used to be commit f2a24b63e395d5cbb9b81521cd7ffe904821b727)
|
|
(This used to be commit 5a0087e636104ffa98f23b8d17b4d002a55bc6b7)
|
|
trigger coverity checks by testing for NULL.
Jeremy.
(This used to be commit 6b4484159293d725613249adbfa01472dea1c722)
|
|
(This used to be commit 598513d1d3e23cc71ea0fd53230d393b6724b534)
|
|
Guenther
(This used to be commit 0ae3fddf95a95ec8a2f4d52e1276c1721b33ddfd)
|
|
from jason@ncac.gwu.edu.
Jeremy.
(This used to be commit 00f8b4e1aa44904c91af8eb6ac4c3f196986c339)
|
|
* Fix a couple of related parsing issues.
* in the info3 reply in a samlogon, return the ACB-flags (instead of
returning zero)
Guenther
(This used to be commit 5b89e8bc24f0fdc8b52d5c9e849aba723df34ea7)
|
|
not to, cope with a server that doesn't offer schannel also.
Jeremy
(This used to be commit 68005f6bdb70883eace0d9067c76c3360a803023)
|
|
Guenther
(This used to be commit c201e51de387d3d49880ed519eb9d825df92f5af)
|
|
Bartlett's
Samba4 code.
Jeremy.
(This used to be commit a2fb436fc5dd536cfe860be93f55f9cb58139a0e)
|
|
Guenther
(This used to be commit 290a581b7567eab82b18fbadae9aa2ab29e95069)
|
|
Jeremy.
(This used to be commit e8e2fc79b4afd6625e1d50e23b31eb49f67526d9)
|
|
Guenther
(This used to be commit d27771ca1d046aa7fc0c15d410d9fe83da85428f)
|
|
Guenther
(This used to be commit f60eddc0a4dfe623e5f115533a62c03810fd5f38)
|
|
Implement 'net rpc shell account' -- An editor for account policies
nt_time_to_unix_abs changed its argument which to me seems wrong, and I could
not find a caller that depends on this. So I changed it. Applied some more
const in time.c.
Volker
(This used to be commit fc73690a7000d5a3f0f5ad34461c1f3a87edeac5)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
The session key, after beeing set, was zeroed later on by the prs_init
in the CLI_DO_RPC macro.
Guenther
(This used to be commit eaaeaa767e86151886964dcdd9f3186f0b31ed53)
|
|
and followed up by derrell@samba.org.
Jeremy.
(This used to be commit 5cab88f1444177129bb5521ccc4afd8869e9bf25)
|
|
check in the DEBUG message referenced in the previous commit
(This used to be commit 6c04a8f9adfcd40fb0f1e1fcd4e22056ee463046)
|
|
1. Fix a crash bug which should have reared its ugly head ages ago, but for
some reason, remained dormant until recently. The bug pertained to
libsmbclient doing a structure assignment of a cli after having opened a
pipe. The pipe open code makes a copy of the cli pointer that was passed
to it. If the cli is later copied (and that cli pointer that was saved
is no longer valid), the pipe code will cause a crash during shutdown or
when the copied cli is closed.
2. The 'type' field in enumerated shares was not being set correctly with
the new RPC-based mechanism for enumerating shares.
(This used to be commit 62a02b8f2a1fcb66881a9c9636e0b27e3049c5a1)
|
|
Guenther
(This used to be commit 1fa8039397175331d9f5e8b5e3897e9bba14484a)
|
|
Guenther
(This used to be commit 0705fed566efdeab05d605dd239afe67ca5e9811)
|
|
Guenther
(This used to be commit 8609484ff65aaf075d2f768960246dad398855a4)
|
|
Guenther
(This used to be commit c54430a7b5e40d3bdf8afdc813eb722c0a3b861e)
|
|
Guenther
(This used to be commit a8bc4bc902075cfd009dc92674c4560a44a74277)
|
|
you the IP
address but also the fqdn of the remote dc and site info.
Volker
(This used to be commit 62d01ce7e6c14971084c208ab61f379cb172cb22)
|
|
logons work if the client gives the MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT
or MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT flags. This changes
the auth module interface to 2 (from 1). The effect of this is
that clients can access resources as a machine account if they
set these flags. This is the same as Windows (think of a VPN
where the vpn client authenticates itself to a VPN server
using machine account credentials - the vpn server checks
that the machine password was valid by performing a machine
account check with the PDC in the same was as it would a
user account check. I may add in a restriction (parameter)
to allow this behaviour to be turned off (as it was previously).
That may be on by default.
Andrew Bartlett please review this change carefully.
Jeremy.
(This used to be commit d1caef866326346fb191f8129d13d98379f18cd8)
|
|
and client_name when doing netlogon credential setup.
Jeremy.
(This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
|
|
a/c we were asking for.
Jeremy.
(This used to be commit 3ba5d02cff61d64dbab1fef28f74ea6509f4f8e9)
|
|
up a *lot*.
Jeremy.
(This used to be commit 762fff4ddb505b90ada1ea54348dba1a8b9af631)
|
|
(this is the way it's been done in other functions). Instead
of moving this into the IDL, I think the best solution would
be to write a wrapper function around any call that needs
this (this is what we already do for many of the calls).
Jeremy.
(This used to be commit aeca4efa11728be53b81967bb5442b5b09d1a975)
|
|
Andrew Bartlett is right - making lsa code do it the
netlogon way, not vica-versa.
Jeremy.
(This used to be commit f313757e36215cb3dd956e4a73de6d30258a6974)
|
|
functions
in cli_netlogon look similarly suspicious.
Volker
(This used to be commit 8d7713431efd80bd358daffcbbc4d715611b8b4b)
|
|
x86_64 box.
Jeremy.
(This used to be commit d720867a788c735e56d53d63265255830ec21208)
|