| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This reverts commit 87b6f2e863c6e117643ab6704e50167e849b69cc.
This was the cause of the breakage of the "LogonGetDomainInfo" testsuite. I
think my behaviour is more correct to Windows Server since the test works
against it (at least release 2003 R2).
One problem I discovered is that freshly joined workstations don't get their
DNS name into the directory. Therefore I think also another part (maybe another
RPC call) is able to do this.
|
|
|
|
|
|
Now we have Windows 7 released so don't refer to a beta anymore.
|
|
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.
The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
|
|
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
|
|
|
|
and supported encryption types)
This is simply for better performance (no functional change).
|
|
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
|
|
Update to use the new DS_DNS_FOREST_ROOT name, which makes it clearer
what this bit means (according to MS-ADTS doc)
|
|
This seems to be what w2k8 does
|
|
|
|
|
|
We don't implement sites properly at the moment so we just return
Default-First-Site-Name
|
|
Guenther
|
|
"LogonGetDomainInfo" call
They're needed only at the end.
|
|
Vista and upper version use this value to check wether they should ask the DC
to change the msDS-SupportedEncryptionTypes attribute or not.
Declare the different value as a bitmap in Netlogon idl
|
|
This check is specified in Windows Server after release 2003.
The parameter "hostname" should match as prefix of the dns hostname given as
parameter in the "workstation" structure.
|
|
Guenther
|
|
- Correctly use samdb_search_string to do a 'base' search
(this needs a NULL, not a "" argument for the format string)
- There is no need (and it caused a security hole) to use
talloc_asprintf() with the only argument being the string to
duplicate.
Andrew Bartlett
|
|
This addresses bug #4888 and #6596 in SAMBA 4 Bugzilla
- It implements the call in the complete form as specified in the MSPP/WSPP docs
and on the discussion on the "cifs-protocol" list
- Therefore client informations (OS name, OS version, "servicePrincipalName"...)
are now saved in the AD each time the client invokes the call
|
|
|
|
In the SAMBA 4 DCE/RPC NETLOGON server the SAM context references have generally
the type "void *". But we know that those context objects are based on the "struct
ldb_context" type. We've always to cast for using a SAM/LDB call.
This I didn't find very appealing and so I assigned the right (detailed) type to each "sam_ctx".
Therefore, the casts could disappear.
Also this change is only cosmetic.
|
|
Guenther
|
|
Patch for bug #4939
This refactors the NETLOGON code related to this bug:
- Introduces a new "SYNCSTATE" enum required by the "DatabaseSync2" call (acc.
to WSPP)
- Make "DatabaseSync" dependant from "DatabaseSync2" (acc. to WSPP)
- Let "DatabaseSync2" return NT_STATUS_NOT_IMPLEMENTED (I'm not sure if this is
also true when a domain is running in mixed mode)
- Make "LogonControl" and "LogonControl2" dependant form "LogonControl2Ex"
(acc. to WSPP)
- Let "LogonControl2Ex" return WERR_NOT_SUPPORTED for now
|
|
A single AD server can only host a single domain, so don't stuff about
with looking up our crossRef record in the cn=Partitions container.
We instead trust that lp_realm() and lp_workgroup() works correctly.
Andrew Bartlett
|
|
|
|
In particular, this is the rename from creds_ to netlogon_creds_, as
well as other links to use the new common crypto.
Andrew Bartlett
|
|
Thanks to Andrew Kroeger <andrew@id10ts.net> for reporting this. This
fix just for the release. A better fix will make it into the master
branch soon.
Andrew Bartlett
|
|
|
|
dcesrv_netr_ServerAuthenticate()
metze
|
|
This hopefully fixes bug #6109.
metze
|
|
metze
|
|
Win7-beta.
The first problem is that we removed the dnsDomain attribute a while
back, so we were returning NULL for two fields. We now return the
realm.
The second problem is that Win7-beta sends the domain in the form the
user typed it, so it may be in either the short or long form. We check
for the short form and convert if needed.
|
|
metze
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
Guenther
|
|
netr_GetDcName()
metze
|
|
metze
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password. This ensures we do no
validation or filtering of the password before we get a chance to MD4
it. We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.
All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.
This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.
The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.
Andrew Bartlett
|
|
|
|
|
