Age | Commit message (Collapse) | Author | Files | Lines |
|
this allows the client code to trigger a retry with a new password
callback for NTLM connections
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
not all servers give LOGON_FAILURE on authentication failures, so we
need to do the retry with a new ticket on a wider range of error types
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This allows our RPC client code to cope with a kerberos server
changing password while we have a valid service ticket
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
replies (bug #9097)
metze
|
|
alter_context responses
metze
|
|
metze
|
|
metze
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
metze
|
|
metze
|
|
metze
|
|
This was incorrect in 02a356ea775a3ba589cb50af3c861ab86aaffa0b.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jul 29 14:54:33 CEST 2012 on sn-devel-104
|
|
gensec_update()
This avoids a situation where we could destroy pointers on the stack due to
a nested event loop.
This is certainly not a final, generic solution, but it is a minimal change
while we work to make gensec and gensec_gssapi async.
Andrew Bartlett
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
The RODC stuff doesn't depend on the schannel algorithm.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
dcerpc_pipe_open_smb2_send()
Pair-Programmed-With: Michael Adam <obnox@samba.org>
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Apr 23 12:17:08 CEST 2012 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Apr 3 23:06:31 CEST 2012 on sn-devel-104
|
|
If the transfer syntax is NDR64, it's only for the payload not
for the dcerpc pdus.
metze
|
|
ndr_ prefix.
This makes the NDR namespace a bit clearer, in preparation of ABI checking.
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Mar 16 02:48:52 CET 2012 on sn-devel-104
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
Many thanks to Andrew Bartlett <abartlet@samba.org> for the
debugging, which lead to the following line:
talloc_steal(state, raw_packet->data);
metze
|
|
Many thanks to Andrew Bartlett <abartlet@samba.org> for the
debugging, which lead to the following line:
talloc_steal(state, raw_packet->data);
metze
|
|
connection
metze
|
|
Deep inside dcerpc_ship_next_request() some code path
could trigger dcerpc_connection_dead(), which means
it's not safe to do any processing after calling dcerpc_ship_next_request().
metze
|
|
There's no point in doing anymore processing,
it can just lead to crashes.
metze
|
|
metze
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Mar 9 07:18:45 CET 2012 on sn-devel-104
|
|
timeouts
Using tevent_req_defer_callback() should make the situation a bit better,
until we have a common robust low level dcerpc library.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Mar 7 18:44:24 CET 2012 on sn-devel-104
|
|
metze
|
|
|
|
metze
|
|
This gets the session key from gensec for usage in DRSUAPI.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jan 4 22:31:52 CET 2012 on sn-devel-104
|
|
As a client we request as much flags as possible. The server checks
which flags it supports and returns the same negotiation flags or less.
So we need to store the negotiate flags from the server. We need them
later if we have to call netr_LogonGetCapabilities.
|
|
Windows Server 2008 returns NT_STATUS_DOWNGRADE_DETECTED if you call
netrServerAuthenticate2 during a domain join without setting the strong
keys flag (128bit crypto).
Only for NT4 we need to do a downgrade to the returned negotiate flags.
See also 0970369ca0cb9ae465cff40e5c75739824daf1d0.
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 30 15:13:36 CET 2011 on sn-devel-104
|
|
metze
|
|
The function continue_ip_resolve_name was calling resolve_name_recv which returns
only the first IP for a given hostname.
Instead we use resolve_name_multiple_recv which returns all the IP for a given
hostname. This kind of problem can occur if a host has more than 1 IP but is listenning
only on 1.
|
|
The should use smb2_write_recv() to get the result.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 28 09:55:48 CEST 2011 on sn-devel-104
|
|
The should use smb_raw_write_recv() to get the result.
metze
|
|
Currently there are a lot of duplicate ioctl function field definitions
between source3 and source4.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow the TDB layer to get at the lp_ctx for tdb options.
Andrew Bartlett
|
|
this makes debugging some RPC auth issues easier
|