Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit d817eaf0ecca2d878ab1ffcf7a747a02d71c811e)
|
|
that is now possible to, for example, load a module which contains
an auth method into a binary without the auth/ subsystem built in.
(This used to be commit 74d9ecfe2dd7364643d32acb62ade957bd71cd0d)
|
|
on the security entries sent.
Jeremy.
(This used to be commit 45953d59f707b58e66b980512afc7f929d360ad5)
|
|
struct in the correct place.
Jeremy.
(This used to be commit 4cd8b276715f7e019fcee8fc3ebb2855610c4751)
|
|
Jeremy.
(This used to be commit 151b7d0d88e14dd17c28e522a3e1e8f64a4a2a87)
|
|
(This used to be commit 7bec28f23c5bef8516e798a0808585ed1a30517e)
|
|
(This used to be commit b87be0dddfcace95527b9a05f8f81cd6d2e86d39)
|
|
(This used to be commit 0c1946e51c7cd18907eb65c93042758196fe74c9)
|
|
structure-memcpy for DATA_BLOB parameters to using a pointer to that DATA_BLOB.
auth_sam calls some of these functions, so I've cleaned it all up to use this
format now.
Also clean up some debug statements to make them easier to read.
Andrew Bartlett
(This used to be commit 0c355c274a6ac084e4bf15a15613dfc007d6c5fc)
|
|
With big thanks to tpot for the ethereal disector, and for the base code
behind this, we now fully support NTLMv2 as a client.
In particular, we support it with direct domain logons (tested with ntlm_auth
--diagnostics), with 'old style' session setups, and with NTLMSSP.
In fact, for NTLMSSP we recycle one of the parts of the server's reply directly...
(we might need to parse for unicode issues later).
In particular, a Win2k domain controller now supplies us with a session key
for this password, which means that doman joins, and non-spnego SMB signing
are now supported with NTLMv2!
Andrew Bartlett
(This used to be commit 9f6a26769d345d319ec167cd0e82a45e1207ed81)
|
|
users and groups.
(This used to be commit dcc6d9e76c737400aaffdd4f261fd0f191aaeea8)
|
|
(This used to be commit 372a574a73b86855cf6efc18349e5ba24067d690)
|
|
LMv2 response less than 24 bytes is just silly.
Andrew Bartlett
(This used to be commit b4ecdb2e582376d2713f81e8e32a668014905d70)
|
|
same here.
Andrew Bartlett
(This used to be commit a4556786d28724309321a02afbf5005158440258)
|
|
one element longer than the domain sid.
Andrew Bartlett
(This used to be commit c61e5e38776d2de53d120b592a6685158e79ebb8)
|
|
(This used to be commit 045210e129e6e0aef8f847e7ed8714d0d9974e7f)
|
|
(This used to be commit 7f76eac5a0f93107d990b0fde651838c38970092)
|
|
- auth with ntlmv2 and lmv2 but deliberately break the ntlmv2 hash
- auth with ntlmv2 and lmv2 but deliberately break the lmv2 hash
- auth with ntlm and lm but deliberately break the ntlm hash
- auth with ntlm and lm but deliberately break the lm hash
My theory is that the NTLM or NTLMv2 field must be correct and if it is,
it doesn't matter what the value of the LM or LMv2 field is.
Fixed cosmetic test name display bug.
(This used to be commit 5dcde9451bd0d6a7462b77cf5ed137bfd691adaa)
|
|
Now the build farm will no doubt find more.
(This used to be commit e91e648c9b0841fbffbc8f39e71abade0996a1e7)
|
|
then we weren't always correctly detecting that it had a valid stat struct
and so might now return a 'file existed'. Finally realized this when installing
the W2K resource kit as a test case.
Jeremy.
(This used to be commit d48069ccd8351e4bff097a7f7500c738870a413d)
|
|
(This used to be commit 016f6b4e19c2b8e4f5e1d010cc428ca194650140)
|
|
(This used to be commit 83bb84f13121267992e78f2d005257932c711f23)
|
|
to link during configure checks.
(This used to be commit 7af282e7ff9c2cccfab97130dc66515a4852c25f)
|
|
Volker
(This used to be commit 6cde3d4d655bbe1d81e68ec2ec7a23669ac82120)
|
|
important once we start doing schannel, as there would be a lot more
roundtrips for the second PIPE open and bind. With this patch logging
in to a member server is a matter of two (three if you count the
ack...) packets between us and the DC.
Volker
(This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e)
|
|
the other infrastructure with name owners etc in place. If anybody is
really going to tackle winsrepld, it will probably not be hard to put
the additional info back.
Volker
(This used to be commit eb82daa84a5339f28ebf431ee1044b7e1e4a4300)
|
|
(This used to be commit 05a684b3be1525aad3589ded9e59c3f012b5ef20)
|
|
Andrew Bartlett
(This used to be commit 97bc047434284527f25e130a72981da704ed1212)
|
|
this world than 'status more entires'...
Also move all the cases to 'NT_STATUS_EQUAL()' to test it.
Andrew Bartlett
(This used to be commit b4645bf0661dadcd077b21bb6f6452ed8b2eb726)
|
|
are identical - noticed by "Dr. Tilo Levante" <tilo@levante.de>.
Jeremy.
(This used to be commit f6d7c279bc8354202f2a9b39fec4a4c8ace368a3)
|
|
Jeremy.
(This used to be commit 395dfd196cf4bcd432a4895d3dd09fefd46cd6d8)
|
|
Jeremy.
(This used to be commit cf78b1e7fe72aec72d03c86c46a8ca49df539c11)
|
|
(well, under certain conditions :-)
There is no length limit on the size of the authentication response added
into the MD5 hash. (We had previously limited this to lengths like 40, 44 or
64 in attempts to make sense of what the SNIA spec tells us).
Instead, the entire authentication response is added in.
Currently, this only works on a Win2k domain members with a Samba PDC,
becouse our NTLMv2 code currently fails against an Win2k PDC.
However, this splits the problem in half - particularly as the NTLMv2 format
is known, and even has an ethereal disector! (thanks tpot).
Andrew Bartlett
(This used to be commit 7645d3d28afbb8eea502c0e063df3afb3aa812f4)
|
|
lp_workgroup(), for all other server this is global_myname().
This is the name of the domain for accounts on *this* system, and getting
this wrong caused interesting bugs with 'take ownership' on member servers
and standalone servers at Snap.
(They lookup the username that they got, then convert that to a SID - but
becouse the domain out of the smbpasswd entry was wrong, we would fail the
lookup).
Andrew Bartlett
(This used to be commit 5fc78eba20411f3f5a8ccadfcba5c4ab73180dba)
|
|
(This used to be commit 42d0414ed244b92b665cb231f6756f60391861dd)
|
|
Jeremy.
(This used to be commit f219e8309c7d17b332873e9283ab3c3796e7e799)
|
|
servers don't answer that name. However we *know* they
have the name workgroup#1b (as we just looked it up).
So do the node status request on this name instead.
Found at LBL labs.
Jeremy.
(This used to be commit 41e3abe8b80026812ea7dd7ad535e8e41e26daa4)
|
|
used to be commit 8bee59ffcea1495f03b35d38da0eb76955b93f3d)
|
|
split out privileges from rpc_lsa.h
(This used to be commit 37d7cc8162d02a664095dbe0fc8d7250d1ed51c9)
|
|
(This used to be commit fb03fafed14a2816808e98fd95850db3e655d5d9)
|
|
(This used to be commit 58d284bd06f5893a752c1f22828715f8bd130c82)
|
|
(This used to be commit 2f631769f836baeec669456f786ecb38c81d9a23)
|
|
(This used to be commit 3033a63cefb5f28d4460885f7f4e4ecaed95443c)
|
|
initialisation code in winbindd_init_common() after the fork when
running in dual daemon mode.
The only tricky bit is we have to run a tdb_reopen_all() somewhere in
the child to avoid tdb corruption.
Fixed bug #60.
(This used to be commit 25e55aca0fe315c2ccf4e34a94107b2321313714)
|
|
(This used to be commit 29d775fe68be8988e344c35106a80d6ca8236e4d)
|
|
(This used to be commit 8257f537de57a2681e6d9cc2c421435b1d751a60)
|
|
Andrew Bartlett
(This used to be commit 7342c70b4cecfc1f42c46b19360db6c077604be2)
|
|
Rafal
(This used to be commit d03124fbf182f194e48c4ef9ae6aedc4db4f13b0)
|
|
debug msg while establishing trust and listing relations of Samba PDC.
Rafal
(This used to be commit 8681cbae0d142a1f9ac537cb22e611a6f5262b54)
|
|
(This used to be commit 855fab395f97dd232fd9bb78e62ad12b16fe2a24)
|