Age | Commit message (Collapse) | Author | Files | Lines |
|
Refactor the actual retrieval of the session key through the
established netlogon pipe out of get_schannel_session_key()
and get_schannel_session_key_auth_ntlmssp() into a new
function get_schannel_session_key_common().
(To avoid code duplication.)
Michael
(This used to be commit e77c4022cfbb868e608edcb06b676658b0e201ad)
|
|
Michael
(This used to be commit 0cde7ac9cb39a0026a38ccf66dbecefc12931074)
|
|
Up to now each caller used its own logic.
This eliminates code paths where there was a special treatment
of the following situation: the domain given is not our workgroup
(i.e. our own domain) and we are not a DC (i.e. it is not a typical
trusted domain situation). In situation the given domain name was
previously used as the machine account name, resulting in an account
name of DOMAIN\\DOMAIN$, which does not seem very reasonable to me.
get_trust_pw would not have obtained a password in this situation
anyways.
I hope I have not missed an important point here!
Michael
(This used to be commit 6ced4a7f88798dc449a667d63bc29bf6c569291f)
|
|
Guenther
(This used to be commit cfc6e7a2e657ee55364b739d9fe0093e4f7c8b27)
|
|
them with malloc'ing accessor functions. Should save a
lot of static space :-).
Jeremy.
(This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
|
|
Guenther
(This used to be commit 677d9e6d86997a1ae10266e9bab3b18c3fdd2890)
|
|
Make us very explicit about how long a talloc ctx
should last.
Jeremy.
(This used to be commit ba9e2be2b5a59684e854609f9d82ea1633448c62)
|
|
Jeremy.
(This used to be commit 0002a9e96b0ef78316295a6eb94ff29b64e2f988)
|
|
Jeremy.
(This used to be commit 15074de938539e7a9c527d9a6d81792adc2ac3d0)
|
|
lib/messages_local.c
rpc_client/ndr.c
smbd/notify_internal.c
utils/net_rpc_registry.c
metze
(This used to be commit c2645d2164c05976a98bafed980b6029baf89977)
|
|
uint32 instead of enum lsa_SidType.
Jeremy.
(This used to be commit 2df8252ff76406bfe57cd76e9927b5056e89e6ae)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
|
|
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
|
|
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>.
(This used to be commit 8304ccba7346597425307e260e88647e49081f68)
|
|
Guenther
(This used to be commit eb311cafbb446abf8e29faf6501cf5b82593a36f)
|
|
the maxeln parameter instead of sizeof(target_area) - 1 (or even
sizeof(fstring) - 1 in some places.
I hope these were really all there were.
Michael
(This used to be commit 9a28be220df622322857dfe102fa35e108f932dc)
|
|
(This used to be commit 3246be8cf05a867b74b4b96697c99cc62f13c2a9)
|
|
rpccli_lsa_lookup_sids()
and remove the old rpccli_lsa_lookup_sids() function. The old function would
fail due to server limits when requesting to resolve too many sids at once
(20480 for W2k3). The new version passes the list of sids in hunks to the
server. It has up to now been used (and tested) in the winbindd_ads
lookup_groupmem() function, and I think the time has come to replace the actual
function with this correct version.
Michael
(This used to be commit 1194d4f36ef720747e62dde31881c295e44e4a76)
|
|
(This used to be commit aa603bcc6c848de67ea07d6028ab841a8401d9ad)
|
|
Michael
(This used to be commit 7238884c2cb25dd9279703004ffab6618715a275)
|
|
uninitialized data.
Michael
(This used to be commit b4fff6d09d17a18eae61e8ca789f128cd094ba09)
|
|
rpccli_lsa_lookupsids_noalloc() returns an error for one hunk
of SIDs: free all allocated arrays and return the error code
returned by the hunk lookup.
Michael
(This used to be commit 2c68ebd6934206186dc6e635401f66c2fd1e1234)
|
|
(This used to be commit df648d47ff3c4e24f439fda839653bda98323100)
|
|
Thanks to Volker for the hint!
Michael
(This used to be commit 3b7ed3ea881dc59b77a067d5d3738e9e03b6c538)
|
|
instead of the pull and push functions
metze
(This used to be commit 5e3d4df9bca069708d72f548dc5ddfc7708ac122)
|
|
(This used to be commit 918aad0d8b4b0c2caa8830726a17d3ad4d19f72a)
|
|
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Guenther
(This used to be commit e9a7512a9f630340004913f1379452eea8a9b6ae)
|
|
in a lookup_sidX reply isn't optional - like the
lookup_sidX query it needs to be defined in the
struct.
All this will go away with PIDL (thank goodness....).
Jerry - I think this is a showstopper to be merged
for 3.0.25b.
I'll be watching the build farm to see if anything broke.
Jeremy.
(This used to be commit 9300b92f7a51eb80fdc039d8dad23ea9ce82aa8f)
|
|
Guenther
(This used to be commit 5e75ea7f2b568d76c8ced5f43171741532cc97c2)
|
|
SAMBA_3_0_26
(This used to be commit 0b1bc3521fac52f3164b6cc9e053abc3ceabf5e7)
|
|
(This used to be commit eccd50abdaed3e4e06cc5da5473ca1beeb3fc49a)
|
|
were using
netr_GetDcAnyName all the time (which is the correct thing to do).
Fix the naming and opcode mixup in all branches.
Guenther
(This used to be commit def6464c872a5939f0028837254f2c019d2d71c8)
|
|
netr_DsRGetDCNameEx2) and add new ds request and reply flags, also add some
more WERROR codes.
Guenther
(This used to be commit 37ae7f419702c563bcd0d9c27c02bde7efd34dd7)
|
|
use the credential chain and only works over netlogon, but it would
allow multiple outstanding auth requests for a single workstation
account.
(This used to be commit 123290d0947191abca4a3b3d81718c823c1bc4a0)
|
|
Before comitting that, I have to verify that it does not
break anything...
Michael
(This used to be commit 55ea93d47e72d13b7e6d6900eea5da1e9a49ff8d)
|
|
sense...
(This used to be commit 374dea8c6f5192224ee46e0c3c9b63221028858e)
|
|
talloc context for use with the actual rpc query and response.
So the the parent context does not get flooded by the posslibly
large amount of response data (when looking up a lot of sids).
Note: It not possible, to simply use the names and domains arrays
as talloc contexts for the talloc_strdup calls, because from
rpccli_lsa_lookup_sids_all, this is called with names + offset
and domains + offset where names and domains are talloced
arraye for the complete response.
(This used to be commit 8e60900c5c5fccbe1718b805b6b1628d32b920d0)
|
|
looked up at one time. This limit is at 20480 for w2k3.
Our rpccli_lsa_lookup_sids function ignores this limit, so when
we give the server too long a list of SIDs, then we will get
nothing back. Since typically rpccli_lsa_lookup_sids is given
one SID (or a small number of SIDS), this did not do harm
up to now. But since I want to use lsa_lookup_sids in a subsequent
modification to winbindd_ads.c:lookup_groupmem to get rid of
a vast number of dn_lookup calls to the server, I had to make
sure we do it correctly.
I have added a function rpccli_lsa_lookup_sids_all function
that has the same prototype but internally splits the list
of SIDs up into hunks of a (conservative, hard coded) 1000
SIDs each for a first go.
If this approach is agreed upon, the new function could replace
the original rpccli_lsa_lookup_sids function.
Michael
(This used to be commit 66ff0bc6c39f86a9830dc508cd891e33638b475d)
|
|
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687ef00181f4f04e001d42181d93ac931e)
|
|
to examine parse_misc.c fix.
Jeremy.
(This used to be commit 80d981265cd3bc9d73c5da3c514ec736e2dfa73a)
|
|
Jeremy.
(This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
|
|
Jeremy.
(This used to be commit 8ad13718af0ba1fcb10a6f1631b1ed3cb8d11175)
|
|
(This used to be commit 2eec760154a4126df616a3c078b7741c57239c86)
|
|
metze
(This used to be commit aa28bcc4669bf08f73815d00cd87c854d2ac1e92)
|
|
not specific for NTLMSSP
- it's possible that the server sends a mechOID and authdata
if negResult != SPNEGO_NEG_RESULT_INCOMPLETE, but we still
force the mechOID to be present if negResult == SPNEGO_NEG_RESULT_INCOMPLETE
metze
(This used to be commit e9f2aa22f90208a5e530ef3b68664151960a0a22)
|
|
which matches what samba4 has.
also fix all the callers to prevent compiler warnings
metze
(This used to be commit fa322f0cc9c26a9537ba3f0a7d4e4a25941317e7)
|