| Commit message (Collapse) | Author | Age | Files | Lines |
call ntlmssp_end on a null pointer ! (Doh !).
Jeremy.
|
get_sorted_dc_list
return NTSTATUS.
If we want to differentiate different name resolution problems we might want
to introduce yet another error class for Samba-internal errors. Things like no
route to host to the WINS server, a DNS server explicitly said host not found
etc might be worth passing up.
Because we can not stash everything into the existing NT_STATUS codes, what
about a Samba-specific error class like NT_STATUS_DOS and NT_STATUS_LDAP?
Volker
|
the LGPL. Original code by Krishna Ganugapati <krishnag@centeris.com>.
Additional work by me.
It's still got some warts, but non-secure updates do
currently work. There are at least four things left to
really clean up.
1. Change the memory management to use talloc() rather than
malloc() and clean up the leaks.
2. Fix the error code reporting (see initial changes to
dnserr.h)
3. Fix the secure updates
4. Define a public interface in addns.h
5. Move the code in libads/dns.c into the libaddns/ directory
(and under the LGPL).
A few notes:
* Enable the new code by compiling with --with-dnsupdate
* Also adds the command 'net ads dns register'
* Requires -luuid (included in the e2fsprogs-devel package).
* Has only been tested on Linux platforms so there may be portability
issues.
|
when using smbpasswd
|
ntlm_auth module to allow it to use winbindd cached
credentials. The credentials are currently only stored
in a krb5 MIT environment - we need to add an option to
winbindd to allow passwords to be stored even in an NTLM-only
environment.
Patch from Robert O'Callahan, modified with some fixes
by me.
Jeremy.
|
Thanks to Michael Adam <ma@sernet.de>
hop, hop, hop... ;-)
Volker
|
net_ads_join.
Thanks to Michael Adam <ma@sernet.de>
Volker
|
Thanks to Michael Adam <ma@sernet.de>.
Volker
|
Thanks to Michael Adam <ma@sernet.de>.
Volker
|
NO_LOGON_SERVERS if no domain controller was found.
Thanks to Michael Adam <ma@sernet.de>.
Volker
|
entries to the group mapping db. Ensure this can't happen.
Jeremy.
|
independently: Change
internal mapping.c functions to return NTSTATUS instead of BOOL.
Volker
|
seemed a
bit pointless to me.
Volker
|
Remove some unused code: pdb_find_alias is not used anymore, and nobody I
think has ever used the pdb_nop operations for group mapping. smbpasswd and
tdb use the default ones and ldap has its own.
Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right
now really makes use of it, but it feels wrong to throw away information so
early.
Volker
|
argument.
Volker
|
and 305.
Volker
|
some memory leaks on error paths in net_ads_join()
|
Volker
|
fetch the
sambaProfilePath.
Volker
|
Volker
|
Volker
|
attribute
name attr:: instead of attr:
German domains tend to have umlauts in group names.
More to come tomorrow.
Volker
|
easily,
as this puts me into svn blame in places I'm not sure I want my name to show
up....
Volker
|
and createcomputer options
|
A patch to make ntlm_auth recognize three new commands in
ntlmssp-client-1 and squid-2.5-ntlmssp:
The commands are the following:
Command: SF <hex number>
Reply: OK
Description: Takes feature request flags similar to samba4's
gensec_want_feature() call. So far, only NTLMSSP_FEATURE_SESSION_KEY,
NTLMSSP_FEATURE_SIGN and NTLMSSP_FEATURE_SEAL are implemented, using the same
values as the corresponding GENSEC_FEATURE_* flags in samba4.
Command: GF
Reply: GF <hex number>
Description: Returns the negotiated flags.
Command: GK
Reply: GK <base64 encoded session key>
Description: Returns the negotiated session key.
(These commands assist a wine project to use ntlm_auth for signing and
sealing of bulk data).
Andrew Bartlett
|
share_mode_forall().
Volker
|
* createupn=[host_upn@realm]
* createcomputer=<ou path top to bottom> (this was previously
the only arg)
|
Disable the one we created and whine.
|
toolset.
In 3.0.23 all those commands have been limited to the DC of our primary
domain. Also distinguish calls that may go to remote DCs (search, info,
lookup, etc.) from those that should only go to our primary domain
(join, leave, etc.).
Guenther
|
> r16959 | vlendec | 2006-07-11 23:10:44 +0200 (Di, 11 Jul 2006) | 1 line
>
> get_share_security does not need snum, activate RPC-SAMBA3-SRVSVC
Volker
|
This mode proxies pre-calculated blobs from a remote (probably VPN)
client into the domain. This allows clients to change their password
over a PPTP connection (where they would not be able to connect to
SAMR directly).
The precalculated blobs do not reveal the plaintext password.
Original patch by Alexey Kobozev <cobedump@gmail.com>
|
Major points of interest:
* Figure the DES salt based on the domain functional level
and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
keys
* Remove all the case permutations in the keytab entry
generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
in AD
The resulting keytab looks like:
ktutil: list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
1 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
2 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
3 6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
4 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
5 6 host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
6 6 host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
7 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
8 6 suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
9 6 suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value. The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.
Tested keytab using mod_auth_krb and MIT's telnet. ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
|
being used.
Jeremy.
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
|
Jeremy.
|
Jeremy.
|
by converting the lookup_XX functions to correctly
return SID_NAME_TYPE enums.
Jeremy.
|
Jeremy.
|
the correct enumerated type in the macro.
Jeremy.
|
Jeremy.
|
Jeremy.
|