Author: metze Date: 2005-10-10 06:37:57 +0000 (Mon, 10 Oct 2005) New Revision: 10860
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10860 Log: [EMAIL PROTECTED] (orig r10836): metze | 2005-10-08 18:35:33 +0200 giving NT_STATUS_NO_MEMORY, when the connection fails wasn't a good idea... metze [EMAIL PROTECTED] (orig r10838): vlendec | 2005-10-08 19:45:27 +0200 Get us an schannel'ed netlogon pipe. Abartlet, now I think I need some assistance to implement the pam auth & crap auth calls. Volker [EMAIL PROTECTED] (orig r10839): jelmer | 2005-10-08 19:55:28 +0200 Add some [ref] (required for ethereal and Samba3 parser generators) [EMAIL PROTECTED] (orig r10840): jelmer | 2005-10-08 19:55:56 +0200 Fix indentation [EMAIL PROTECTED] (orig r10842): jelmer | 2005-10-08 22:19:35 +0200 Fix some issues with [out] unions that have a discriminator that is only [in] [EMAIL PROTECTED] (orig r10843): vlendec | 2005-10-09 10:32:06 +0200 Reformatting [EMAIL PROTECTED] (orig r10844): abartlet | 2005-10-09 14:13:05 +0200 Add challenge-response authentication to Samba4's winbindd for VL. Plaintext should be simple, but I'm going to do some infrustructure work first. Andrew Bartlett [EMAIL PROTECTED] (orig r10845): abartlet | 2005-10-09 14:38:23 +0200 Add new function to decrypt the session keys in samlogon responses. Andrew Bartlett [EMAIL PROTECTED] (orig r10846): vlendec | 2005-10-09 14:50:35 +0200 Create a "wbsrv_domain", change wb_finddcs to the style of the rest of the async helpers. Volker [EMAIL PROTECTED] (orig r10847): abartlet | 2005-10-09 15:03:52 +0200 Fix up new 'decrypt samlogon reply' routine to be more robust, and use it in the RPC-SAMLOGON test. Andrew Bartlett [EMAIL PROTECTED] (orig r10848): jelmer | 2005-10-09 15:40:55 +0200 Fix warning [EMAIL PROTECTED] (orig r10849): jelmer | 2005-10-09 15:53:48 +0200 Fix handling of [charset] for strings with fixed or "inline" size [EMAIL PROTECTED] (orig r10852): vlendec | 2005-10-09 22:32:24 +0200 Continuation-based programming can become a bit spaghetti... Initialize a domain structure properly. Excerpt from wb_init_domain.c: /* * Initialize a domain: * * - With schannel credentials, try to open the SMB connection with the machine * creds. Fall back to anonymous. * * - If we have schannel creds, do the auth2 and open the schannel'ed netlogon * pipe. * * - Open LSA. If we have machine creds, try to open with ntlmssp. Fall back * to schannel and then to anon bind. * * - With queryinfopolicy, verify that we're talking to the right domain * * A bit complex, but with all the combinations I think it's the best we can * get. NT4, W2k3SP1 and W2k all have different combinations, but in the end we * have a signed&sealed lsa connection on all of them. * * Is this overkill? In particular the authenticated SMB connection seems a * bit overkill, given that we do schannel for netlogon and ntlmssp for * lsa later on w2k3, the others don't do this anyway. */ Thanks to Jeremy for his detective work, and to the Samba4 team for providing such a great infrastructure. Next step is to connect to SAM. Do it via LDAP if we can, fall back to samr with all we have. Volker [EMAIL PROTECTED] (orig r10853): vlendec | 2005-10-09 22:57:49 +0200 Convert wbinfo -n to properly init the domain. Volker [EMAIL PROTECTED] (orig r10854): jelmer | 2005-10-09 23:30:41 +0200 talloc_get_type() can return NULL.. [EMAIL PROTECTED] (orig r10855): abartlet | 2005-10-10 00:19:20 +0200 Put the domain SID in secrets.ldb by default, and add http as a default SPN alias. Andrew Bartlett [EMAIL PROTECTED] (orig r10856): tridge | 2005-10-10 01:29:26 +0200 we need aclocal.m4 in ldb for standalone configure [EMAIL PROTECTED] (orig r10859): vlendec | 2005-10-10 08:18:17 +0200 Make the flow a bit clearer Added: branches/tmp/samba4-winsrepl/source/lib/ldb/aclocal.m4 branches/tmp/samba4-winsrepl/source/winbind/wb_init_domain.c Modified: branches/tmp/samba4-winsrepl/ branches/tmp/samba4-winsrepl/source/include/structs.h branches/tmp/samba4-winsrepl/source/lib/ldb/tests/slapd.conf branches/tmp/samba4-winsrepl/source/libcli/auth/credentials.c branches/tmp/samba4-winsrepl/source/libcli/composite/composite.c branches/tmp/samba4-winsrepl/source/libcli/nbt/nbtname.c branches/tmp/samba4-winsrepl/source/libcli/wrepl/winsrepl.c branches/tmp/samba4-winsrepl/source/librpc/idl/dfs.idl branches/tmp/samba4-winsrepl/source/nsswitch/winbindd_nss.h branches/tmp/samba4-winsrepl/source/pidl/lib/Parse/Pidl/Samba/NDR/Client.pm branches/tmp/samba4-winsrepl/source/pidl/lib/Parse/Pidl/Samba/NDR/Parser.pm branches/tmp/samba4-winsrepl/source/pidl/lib/Parse/Pidl/Samba3/Client.pm branches/tmp/samba4-winsrepl/source/pidl/lib/Parse/Pidl/Samba3/Header.pm branches/tmp/samba4-winsrepl/source/pidl/lib/Parse/Pidl/Samba3/Parser.pm branches/tmp/samba4-winsrepl/source/pidl/lib/Parse/Pidl/Samba3/Types.pm branches/tmp/samba4-winsrepl/source/rpc_server/spoolss/dcesrv_spoolss.c branches/tmp/samba4-winsrepl/source/setup/provision.ldif branches/tmp/samba4-winsrepl/source/setup/secrets.ldif branches/tmp/samba4-winsrepl/source/torture/rpc/samlogon.c branches/tmp/samba4-winsrepl/source/winbind/config.mk branches/tmp/samba4-winsrepl/source/winbind/wb_async_helpers.c branches/tmp/samba4-winsrepl/source/winbind/wb_async_helpers.h branches/tmp/samba4-winsrepl/source/winbind/wb_samba3_cmd.c branches/tmp/samba4-winsrepl/source/winbind/wb_samba3_protocol.c branches/tmp/samba4-winsrepl/source/winbind/wb_server.c branches/tmp/samba4-winsrepl/source/winbind/wb_server.h Changeset: Sorry, the patch is too large (2782 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=10860