Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
(This used to be commit bac3bb2f6e9e15b3a9a6a6511c484f8509918ca1)
|
|
zero_addr(&ss). All current uses were always of the
AF_INET form, so simplify the call. If in the future
we need to zero an addr to AF_INET6 this can be
done separately.
Jeremy.
(This used to be commit 2e92418a138bf2738b77b7e0fcb2fa37ad84fc0c)
|
|
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c3125d5732c37a72d74b0eb5cd7b6155fd)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
(This used to be commit 5c6c8e1fe93f340005110a7833946191659d88ab)
|
|
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
(This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c)
|
|
and client fixes. Patch from Todd Stetcher <todd.stetcher@isilon.com>.
(This used to be commit 8304ccba7346597425307e260e88647e49081f68)
|
|
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
Jeremy.
(This used to be commit a2cf87f58a0a1dbc468a78347880a2f07443b1d8)
|
|
Guenther
(This used to be commit fb21c9c58b3867ee2f0831342427b0cd0aa1fd6c)
|
|
Guenther
(This used to be commit 4106a56d3f4edb2e07e876204743a1cb028c950a)
|
|
(This used to be commit 50d74ce0488a9bd0980cdc6d523a210f6238ef74)
|
|
* rpccli_reg_abort_shutdown()
* rpccli_reg_flush_key()
Remove the cmd_reg.c from rpcclient since the entire file
was unused
(This used to be commit c4788f0c1398feb098f131aa5c4d0398d7489527)
|
|
"debug" to be set instead of "debuglevel" - just for convenience.
Guenther
(This used to be commit ffec64730b04076264045841ccfd0ed7fce43c2f)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
<drl@vuse.vanderbilt.edu>.
Jeremy.
(This used to be commit 502f3e911a2e9e3e0e4a4eae34885329e0624dd5)
|
|
Jeremy.
(This used to be commit 45cfba12cfd87bebd3876087cac0575f586e395f)
|
|
Jeremy.
(This used to be commit 3799f18b356934592206679310e6e409c0d1ca0f)
|
|
Jeremy.
(This used to be commit 76c4f2c4dc6fcd91a350985b16f4a6a321ac4bf6)
|
|
Fix Coverity bug # 144.
Volker
(This used to be commit d47ee82f068f1dfbae4a1c81e6bd765d5d36f09f)
|
|
solution, but it does this particular job... :-)
Volker
(This used to be commit df6d67cd10c0045f3c6f73381716300221cecf18)
|
|
(This used to be commit 5f9f772c2539112b17ebd13d7d3f4f7ab6fb141b)
|
|
after the
lp_load, because otherwise the lp_load overwrites the -W setting again.
Volker
(This used to be commit c7cc625d6360c1df2e4465d1d5ae792ff63a80de)
|
|
lp_load() could not be called multiple times to modify parameter settings based
on reading from multiple configuration settings. Each time, it initialized all
of the settings back to their defaults before reading the specified
configuration file.
This patch adds a parameter to lp_load() specifying whether the settings should
be initialized. It does, however, still force the settings to be initialized
the first time, even if the request was to not initialize them. (Not doing so
could wreak havoc due to uninitialized values.)
(This used to be commit f2a24de769d1b2266e576597c57a8e3b1e2a2b51)
|
|
(This used to be commit 3247a4cfc1df27c23806f196257bd8c68cb63176)
|
|
and client_name when doing netlogon credential setup.
Jeremy.
(This used to be commit 37e6ef9389041f58eada167239fd022f01c5fecb)
|
|
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
|
|
Volker
(This used to be commit c7d10e2c834d8d5136e2d01dea1ad286757deddb)
|
|
Guenther
(This used to be commit c0f3f12a6237842987845f4b4c787e25a632f2f5)
|
|
(This used to be commit a0ac9a8ffd4af31a0ebc423b4acbb2f043d865b8)
|
|
rpcclient-tester for some info-levels.
Jerry, I tried to adopt to prs_pointer() where possible and to not
interfere with your work for usrmgr.
- Add "net rpc trustdom vampire"-tool.
This allows to retrieve Interdomain Trust(ed)-Relationships from
NT4-Servers including cleartext-passwords (still stored in the local
secrets.tdb).
The net-hook was done in cooperation with Lars Mueller
<lmuelle@suse.de>.
To vampire trusted domains simply call:
net rpc trustdom vampire -S nt4dc -Uadmin%pass
Guenther
(This used to be commit 512585293963a1737f831af697ea1dc092d63cb0)
|
|
(This used to be commit 8f87d9c5b66bfbbb1c2eb409bc424fa730b66ff0)
|
|
(This used to be commit ec78c3f2a2e38abe96132475a22bfd52c850b001)
|
|
samr_remove_sid_from_foreign_domain.
(This used to be commit 8360695fc02dfb09aff92a434bf9d411e65c478c)
|
|
Guenther
(This used to be commit c39c447a5de75d15d17bb65227ebc5eb1355e4e1)
|
|
supported pipe. Netlogon is still special, as we open that twice, one to do
the auth2, the other one with schannel.
The client interface is completely unchanged for those who only use a single
pie. cli->pipe_idx is used as the index for everything except the "real"
client rpc calls, which have been explicitly converted in my last commit. Next
step is to get winbind to just use a single smb connection for multiple pipes.
Volker
(This used to be commit dc294c52e0216424236057ca6cd35e1ebf51d0da)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
(This used to be commit faec928564529c7ffb2653943be9cafbfb9e4688)
|
|
#534
(This used to be commit 4e86243ea1d4bbe96720caaaf02300f5e15bee5a)
|
|
clientspreviously joined to the Samba domain
(This used to be commit 3802f5895ee18507c6f467bd11db0b1147a6fdfd)
|
|
- Make winbindd try to use kerberos for connections to DCs, so that it can
access RA=2 servers, particularly for netlogon.
- Make rpcclient follow the new flags for the NETLOGON pipe
- Make all the code that uses schannel use the centralised functions for doing so.
Andrew Bartlett
(This used to be commit 96b4187963cedcfe158ff02868929b8cf81c6ebf)
|
|
(This used to be commit 398bd14fc6e2f8ab2f34211270e179b8928a6669)
|
|
NTLMSSP with "" username, NULL password), and add --machine-pass (-P) to
all of Samba's clients.
When connecting to an Active Directory DC, you must initiate the CIFS level
session setup with Kerberos, not a guest login. If you don't, your machine
account is demoted to NT4.
Andrew Bartlett
(This used to be commit 3547cb3def45a90f99f67829a533eac1ccba5e77)
|
|
connections. Overrides smb.conf parameter if set.
Jeremy.
(This used to be commit 879309671df6b530e0bff69559422a417da4a307)
|
|
trusted domains in a forest.
(This used to be commit c691c7f7d9afb8af542dc83cf934df1dfd38ef17)
|
|
connection that set it up has been shut down.
(Also, pipes still connected, and reconnections to the same pipe (eg SAMR)
may continue to use that session key until their TCP/IP connection is shut
down)
Allow further testing by printing out the session key, and allowing it's input
into rpcclient.
Next step is automatic storage in a TDB.
Andrew Bartlett
(This used to be commit fa4d7be1619b51aacec37ddf995c940b8100aef9)
|
|
(This used to be commit 8b818ce381595cdcb36631a2440d6aa0038805f1)
|
|
the schannel code, but I've included that anyway. :-)
This patch revives the client-side NTLMSSP support for RPC named pipes
in Samba, and cleans up the client and server schannel code. The use of the
new code is enabled by the 'sign', 'seal' and 'schannel' commands in
rpcclient.
The aim was to prove that our separate NTLMSSP client library actually
implements NTLMSSP signing and sealing as per Microsoft's NTLMv1 implementation,
in the hope that knowing this will assist us in correctly implementing
NTLMSSP signing for SMB packets. (Still not yet functional)
This patch replaces the NTLMSSP implementation in rpc_client/cli_pipe.c with
calls to libsmb/ntlmssp.c. In the process, we have gained the ability to
use the more secure NT password, and the ability to sign-only, instead of
having to seal the pipe connection. (Previously we were limited to sealing,
and could only use the LM-password derived key).
Our new client-side NTLMSSP code also needed alteration to cope with our
comparatively simple server-side implementation. A future step is to replace
it with calls to the same NTLMSSP library.
Also included in this patch is the schannel 'sign only' patch I submitted to
the team earlier. While not enabled (and not functional, at this stage) the
work in this patch makes the code paths *much* easier to follow. I have also
included similar hooks in rpccleint to allow the use of schannel on *any* pipe.
rpcclient now defaults to not using schannel (or any other extra per-pipe
authenticiation) for any connection. The 'schannel' command enables schannel
for all pipes until disabled.
This code is also much more secure than the previous code, as changes to our
cli_pipe routines ensure that the authentication footer cannot be removed
by an attacker, and more error states are correctly handled.
(The same needs to be done to our server)
Andrew Bartlett
(This used to be commit 5472ddc9eaf4e79c5b2e1c8ee8c7f190dc285f19)
|
|
(This used to be commit f005f1cf12b839f3985ab00315da63c584ce803e)
|