diff options
| author | Volker Lendecke <vlendec@samba.org> | 2005-10-09 20:32:24 +0000 |
|---|---|---|
| committer | Volker Lendecke <vlendec@samba.org> | 2005-10-09 20:32:24 +0000 |
| commit | c005a51b01726a8cd5af03ae7188a312a6aa5a2f (patch) | |
| tree | 92f8cb2eb1d94e3ae11ded2009662a562f0418a7 /source/lib/replace/replace.h | |
| parent | 907f4a4c0060cb447f2aefd734e8431e0bd3f964 (diff) | |
| download | samba-c005a51b01726a8cd5af03ae7188a312a6aa5a2f.tar.gz samba-c005a51b01726a8cd5af03ae7188a312a6aa5a2f.tar.xz samba-c005a51b01726a8cd5af03ae7188a312a6aa5a2f.zip | |
r10852: Continuation-based programming can become a bit spaghetti...
Initialize a domain structure properly. Excerpt from wb_init_domain.c:
/*
* Initialize a domain:
*
* - With schannel credentials, try to open the SMB connection with the machine
* creds. Fall back to anonymous.
*
* - If we have schannel creds, do the auth2 and open the schannel'ed netlogon
* pipe.
*
* - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back
* to schannel and then to anon bind.
*
* - With queryinfopolicy, verify that we're talking to the right domain
*
* A bit complex, but with all the combinations I think it's the best we can
* get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we
* have a signed&sealed lsa connection on all of them.
*
* Is this overkill? In particular the authenticated SMB connection seems a
* bit overkill, given that we do schannel for netlogon and ntlmssp for
* lsa later on w2k3, the others don't do this anyway.
*/
Thanks to Jeremy for his detective work, and to the Samba4 team for providing
such a great infrastructure.
Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr
with all we have.
Volker
Diffstat (limited to 'source/lib/replace/replace.h')
0 files changed, 0 insertions, 0 deletions