mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
Windows 2008 (Longhorn) auth2 flag fixes.
Interop fixes for AD specific flags. Original patch from Todd Stetcher.
(This used to be commit 5aadfcdaac
)
This commit is contained in:
parent
a0186fb78d
commit
691c4b1a41
@ -124,7 +124,7 @@ machine %s. Error was : %s.\n", dc_name, nt_errstr(result)));
|
|||||||
|
|
||||||
if (!lp_client_schannel()) {
|
if (!lp_client_schannel()) {
|
||||||
/* We need to set up a creds chain on an unauthenticated netlogon pipe. */
|
/* We need to set up a creds chain on an unauthenticated netlogon pipe. */
|
||||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
|
uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
|
||||||
uint32 sec_chan_type = 0;
|
uint32 sec_chan_type = 0;
|
||||||
unsigned char machine_pwd[16];
|
unsigned char machine_pwd[16];
|
||||||
const char *account_name;
|
const char *account_name;
|
||||||
|
@ -106,6 +106,8 @@ enum RPC_PKT_TYPE {
|
|||||||
/* these are the flags that ADS clients use */
|
/* these are the flags that ADS clients use */
|
||||||
#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
|
#define NETLOGON_NEG_AUTH2_ADS_FLAGS (0x200fbffb | NETLOGON_NEG_ARCFOUR | NETLOGON_NEG_128BIT | NETLOGON_NEG_SCHANNEL)
|
||||||
|
|
||||||
|
#define NETLOGON_NEG_SELECT_AUTH2_FLAGS ((lp_security() == SEC_ADS) ? NETLOGON_NEG_AUTH2_ADS_FLAGS : NETLOGON_NEG_AUTH2_FLAGS)
|
||||||
|
|
||||||
enum schannel_direction {
|
enum schannel_direction {
|
||||||
SENDER_IS_INITIATOR,
|
SENDER_IS_INITIATOR,
|
||||||
SENDER_IS_ACCEPTOR
|
SENDER_IS_ACCEPTOR
|
||||||
|
@ -40,7 +40,7 @@ static NTSTATUS just_change_the_password(struct rpc_pipe_client *cli, TALLOC_CTX
|
|||||||
already have valid creds. If not we must set them up. */
|
already have valid creds. If not we must set them up. */
|
||||||
|
|
||||||
if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
|
if (cli->auth.auth_type != PIPE_AUTH_TYPE_SCHANNEL) {
|
||||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
|
uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
|
||||||
|
|
||||||
result = rpccli_netlogon_setup_creds(cli,
|
result = rpccli_netlogon_setup_creds(cli,
|
||||||
cli->cli->desthost, /* server name */
|
cli->cli->desthost, /* server name */
|
||||||
|
@ -2596,7 +2596,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_ntlmssp_auth_schannel(struct cli_state
|
|||||||
const char *password,
|
const char *password,
|
||||||
NTSTATUS *perr)
|
NTSTATUS *perr)
|
||||||
{
|
{
|
||||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
|
uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
|
||||||
struct rpc_pipe_client *netlogon_pipe = NULL;
|
struct rpc_pipe_client *netlogon_pipe = NULL;
|
||||||
struct rpc_pipe_client *result = NULL;
|
struct rpc_pipe_client *result = NULL;
|
||||||
|
|
||||||
@ -2630,7 +2630,7 @@ struct rpc_pipe_client *cli_rpc_pipe_open_schannel(struct cli_state *cli,
|
|||||||
const char *domain,
|
const char *domain,
|
||||||
NTSTATUS *perr)
|
NTSTATUS *perr)
|
||||||
{
|
{
|
||||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
|
uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
|
||||||
struct rpc_pipe_client *netlogon_pipe = NULL;
|
struct rpc_pipe_client *netlogon_pipe = NULL;
|
||||||
struct rpc_pipe_client *result = NULL;
|
struct rpc_pipe_client *result = NULL;
|
||||||
|
|
||||||
|
@ -605,7 +605,7 @@ static NTSTATUS do_cmd(struct cli_state *cli,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (cmd_entry->pipe_idx == PI_NETLOGON) {
|
if (cmd_entry->pipe_idx == PI_NETLOGON) {
|
||||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
|
uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
|
||||||
uint32 sec_channel_type;
|
uint32 sec_channel_type;
|
||||||
uchar trust_password[16];
|
uchar trust_password[16];
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@ NTSTATUS net_rpc_join_ok(const char *domain, const char *server,
|
|||||||
{
|
{
|
||||||
enum security_types sec;
|
enum security_types sec;
|
||||||
unsigned int conn_flags = NET_FLAGS_PDC;
|
unsigned int conn_flags = NET_FLAGS_PDC;
|
||||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
|
uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|NETLOGON_NEG_SCHANNEL;
|
||||||
struct cli_state *cli = NULL;
|
struct cli_state *cli = NULL;
|
||||||
struct rpc_pipe_client *pipe_hnd = NULL;
|
struct rpc_pipe_client *pipe_hnd = NULL;
|
||||||
struct rpc_pipe_client *netlogon_pipe = NULL;
|
struct rpc_pipe_client *netlogon_pipe = NULL;
|
||||||
@ -132,7 +132,7 @@ int net_rpc_join_newstyle(int argc, const char **argv)
|
|||||||
struct cli_state *cli;
|
struct cli_state *cli;
|
||||||
TALLOC_CTX *mem_ctx;
|
TALLOC_CTX *mem_ctx;
|
||||||
uint32 acb_info = ACB_WSTRUST;
|
uint32 acb_info = ACB_WSTRUST;
|
||||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
|
uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS|(lp_client_schannel() ? NETLOGON_NEG_SCHANNEL : 0);
|
||||||
uint32 sec_channel_type;
|
uint32 sec_channel_type;
|
||||||
struct rpc_pipe_client *pipe_hnd = NULL;
|
struct rpc_pipe_client *pipe_hnd = NULL;
|
||||||
|
|
||||||
|
@ -237,7 +237,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid,
|
|||||||
|
|
||||||
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
|
NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
|
||||||
uchar trust_password[16];
|
uchar trust_password[16];
|
||||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
|
uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
|
||||||
uint32 sec_channel_type = 0;
|
uint32 sec_channel_type = 0;
|
||||||
|
|
||||||
if (!secrets_fetch_trust_account_password(domain_name,
|
if (!secrets_fetch_trust_account_password(domain_name,
|
||||||
|
@ -2302,7 +2302,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
|
|||||||
struct winbindd_cm_conn *conn;
|
struct winbindd_cm_conn *conn;
|
||||||
NTSTATUS result;
|
NTSTATUS result;
|
||||||
|
|
||||||
uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS;
|
uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS;
|
||||||
uint8 mach_pwd[16];
|
uint8 mach_pwd[16];
|
||||||
uint32 sec_chan_type;
|
uint32 sec_chan_type;
|
||||||
const char *account_name;
|
const char *account_name;
|
||||||
|
Loading…
Reference in New Issue
Block a user