| Commit message | Author | Age | Files | Lines |
| |
This reverts commit 82a086fb6f70dd6b725e4976293bc377a6a90f3a.
| |
by "Cooper S. Blake" <the_analogkid@yahoo.com>."
This reverts commit 61046225de8a4cd77e94d8c5c4a8f510bc11b79e.
| |
"Cooper S. Blake" <the_analogkid@yahoo.com>.
"I believe I have found two bugs in the 3.2 code and one bug that
carried on to the 3.3 branch. In the 3.2 code, everything is
located in the utils/net_rpc_samsync.c file. What I believe is the
first problem is that fetch_database() is calling
samsync_fix_delta_array() with rid_crypt set to true, which means
the password hashes are unencrypted from the RID encryption.
However, I believe this call is redundant, and the corresponding
call for samdump has rid_crypt set to false. So I think the
rid_crypt param should be false in fetch_database().
If you follow the code, it makes its way to sam_account_from_delta()
where the password hashes are decrypted a second time by calling
sam_pwd_hash(). I believe this is what is scrambling my passwords.
These methods were refactored somewhere in the 3.3 branch. Now the
net_rpc_samsync.c class calls rpc_vampire_internals, which calls
libnet/libnet_samsync.c, which calls samsync_fix_delta_array() with
rid_crypt always set to false. I think that's correct. But the
second bug has carried through in the sam_account_from_delta()
function:
if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
    sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0);
    pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
}

if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
    sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0);
    pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
If you look closely you'll see that the nt hash is going into the
lm_passwd variable and the decrypted value is being set in the lanman
hash, and the lanman hash is being decrypted and put into the nt hash
field. So the LanMan and NT hashes look like they're being put in
the opposite fields."
Fix this by removing the rid_crypt parameter.
Jeremy.
(cherry picked from commit e38436f731ff09333588cc0751c79029a569f390)
| |
This is a workaround for the cases where you want to join under a netbios name
that is different from your hostname, i.e. a name that can not be found in
/etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results.
(cherry picked from commit 84951b54bc1473aa9275c02cc37a9f0d7d4150e2)
| |
Thanks to Atte Peltomäki.
Guenther
(cherry picked from commit 144d374ad9dd981430a82369ceaa2783e6dae90a)
(cherry picked from commit 3e5bff08dac4faf575a11fe3edb17af08170ed74)
| |
Guenther
(cherry picked from commit eb4232fec05cd87ea85a781b84a3fbe85f469703)
(cherry picked from commit 28b85a92160c7880253725cd247e064020f8be41)
| |
This code is vastly based on samba4 code.
Guenther
(cherry picked from commit 5b68be96996a710988b1fd1c176cd5dff0f2c6af)
| |
This is required now if the join verify failed and we already
modified the local configuration.
Guenther
(cherry picked from commit 2870fe50af5163e30330f5a3ef21d0b7eea85ee5)
| |
Jerry, this fixes the issues while joining with "config backend = registry".
Guenther
(cherry picked from commit b3d47f099286778252c6df6bf2c1fee0c4e26560)
| |
Guenther
(cherry picked from commit 12d333fd90450fdd3fa8029502509d872cf5cae0)
| |
Guenther
(cherry picked from commit 1c901c82235a4d6bb4750151caebda0554245f05)
| |
Guenther
(cherry picked from commit d7ba98cc3f2d037ec01e079220a66da508b104b0)
(cherry picked from commit 62a2c988f37354e323e1dd8065b4a93edb169ac1)
| |
Guenther
(cherry picked from commit 7889516a384c155a9045aad4409c041fddd0d98d)
| |
Guenther
(cherry picked from commit 82cbb3269b2e764c9c2a2fbcbe9c29feae07fb62)
| |
Guenther
(cherry picked from commit f3251ba03a69c2fd0335861177159a32b2bc9477)
(cherry picked from commit 6d445c134d4d78f8261c998a5a83feaafb01bbca)
| |
This finally enables joining AD using workgroup or realm name.
Guenther
(cherry picked from commit 0cf16e6b47f5978bdcb84ac8a29ef13ff2b5cca8)
| |
Thanks obnox, now we can net ads join and net ads leave with zero
configuration changes if "config backend = registry".
Guenther
(cherry picked from commit 9003881773de787a51ceadcdc2cb1e95f6979763)
| |
Guenther
(cherry picked from commit 1782e89f3341eca5ee1fa39881ee8efb3fac9a5b)
| |
Guenther
(cherry picked from commit 8d3d1c094a28f75b01315ee05b7939ffba374f20)
| |
Guenther
(cherry picked from commit 7fd237c545e0a7e0029195dbbb6691571abdfe84)
| |
Guenther
(cherry picked from commit db5e0ed186429667a7f6fc67e4b19a7ca75f357e)
| |
Guenther
(cherry picked from commit 512e6ca0a9be9fe35994ec1010110573a5b551d1)
| |
Guenther
(cherry picked from commit f88910c1e5186737da4eda5a7a396c3238fc6775)
| |
In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8
netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate
flags everywhere (not only when running in security=ads). Only for NT4 we need
to do a downgrade to the returned negotiate flags.
Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6.
Guenther
(cherry picked from commit 0970369ca0cb9ae465cff40e5c75739824daf1d0)
| |
libnetjoin now supports Computers/Servers/Unix as well as
ou=Computers,ou=Servers,ou=Unix,dc=ber,dc=realm,dc=com.
Guenther
(cherry picked from commit c0be84c96d8133c6b77d1f0efe41f5f2373febb3)
| |
This format is used by Windows to enforce joining to a specific DC.
Guenther
(cherry picked from commit cc654892c0d76dea001cd8f7bd6f50cf9e89e9c9)
| |
Guenther
(cherry picked from commit b753087ff79c1d35a409eddc1f61e115e887c1e1)
| |
This is passed to the module init routines.
In case of the registry, this is the path of the
basekey in registry, that is to be used, defaulting
to KEY_SMBCONF (HKLM\software\samba\smbconf), when
NULL is given. This is the only case currently used.
In order to support other keys, registry initialization
for smbconf has to be changed to support different keys.
Michael
(cherry picked from commit 96434d9dc7a66773e313cc128af57493dee245a1)
| |
Hide generic init function taking smbconf_ops argument
from public api.
Michael
(cherry picked from commit b3f6920ccb9a27fde26e889a7f1f3afaf56b784f)
| |
Michael
(cherry picked from commit 797b26ad3fad27e085827efb61f6b4d8b37e93f0)
| |
That's more appropriate.
Michael
(cherry picked from commit d7bd9bb8aa2003ec0a9860df26857f67255febe2)
| |
Michael
(cherry picked from commit 097af0309d7c3e9342058ba5266667293b23c80d)
| |
The libnet_conf code to access the registry based configuration has
become more of a library used in several places in samba (e.g. loadparm)
than an abstraction of "net conf". So I move it to a location lib/smbconf/.
In the same breath, the api is fixed (not generated by make proto anymore).
Michael
(cherry picked from commit 5315ef41f403b96715dd68b512e9e74662e2910a)
| |
Günther, please check. If r->in.ads==NULL, we can't call ads_leave_realm at
all.
Thanks,
Volker
(cherry picked from commit 120d8c889fa9ad61c74f1f936e83537513454648)
| |
Guenther
(cherry picked from commit aa9c0f587718f4d647e87b9662acbedba042b9cb)
| |
Guenther
| |
access_desired.
Guenther
| |
Guenther
| |
Guenther
| |
Guenther
| |
Guenther
| |
Guenther
| |
Guenther
| |
Guenther
| |
Guenther
| |
Guenther
| |
Guenther
| |
This is to provide a change sequence number to users, so that they
can use it to detect change in the config and trigger a reload.
Michael
| |
That's what it actually is.
Michael
| |
Guenther