sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-11-07 12:23:51 +03:00
Code Activity
29,107 Commits 64 Branches 1,177 Tags
397d305e90e90f475b6de0efac7dd9630d698efd
Commit Graph

19 Commits

Author SHA1 Message Date
Marc VanHeyningen
e7f76a0c65 Tiny memory leak 2008-05-29 14:26:50 -07:00
Gerald Carter
00a93ed336 r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree. 
The translate_name() used by cli_session_setup_spnego() cann rely
Winbindd since it is needed by the join process (and hence before
Winbind can be run).
 2007-10-10 12:31:03 -05:00
Gerald Carter
8304ccba73 r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags, 
and client fixes.  Patch from Todd Stetcher <todd.stetcher@isilon.com>.
 2007-10-10 12:31:02 -05:00
Günther Deschner
2dea9464bb r25109: Remove obsolete argument from ads_guess_service_principal(). 
Guenther
 2007-10-10 12:30:41 -05:00
Günther Deschner
f5b3de4d30 r24804: As a temporary workaround, also try to guess the server's principal in the 
"not_defined_in_RFC4178@please_ignore" case to make at least LDAP SASL binds
succeed with windows server 2008.

Guenther
 2007-10-10 12:30:23 -05:00
Andrew Tridgell
b0132e94fc r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text 2007-10-10 12:28:22 -05:00
Jeremy Allison
407e6e695b r23779: Change from v2 or later to v3 or later. 
Jeremy.
 2007-10-10 12:28:20 -05:00
Volker Lendecke
fd0ee6722d r21831: Back out r21823 for a while, this is going into a bzr tree first. 
Volker
 2007-10-10 12:18:37 -05:00
Volker Lendecke
f94e5af72e r21823: Let secrets_store_machine_password() also store the account name. Not used 
yet, the next step will be a secrets_fetch_machine_account() function that
also pulls the account name to be used in the appropriate places.

Volker
 2007-10-10 12:18:36 -05:00
Gerald Carter
6261dd3c67 r16952: New derive DES salt code and Krb5 keytab generation 
Major points of interest:

* Figure the DES salt based on the domain functional level
  and UPN (if present and applicable)
* Only deal with the DES-CBC-MD5, DES-CBC-CRC, and RC4-HMAC
  keys
* Remove all the case permutations in the keytab entry
  generation (to be partially re-added only if necessary).
* Generate keytab entries based on the existing SPN values
  in AD

The resulting keytab looks like:

ktutil:  list -e
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   2    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   3    6 host/suse10.plainjoe.org@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   4    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   5    6           host/suse10@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   6    6           host/suse10@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)
   7    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with CRC-32)
   8    6               suse10$@COLOR.PLAINJOE.ORG (DES cbc mode with RSA-MD5)
   9    6               suse10$@COLOR.PLAINJOE.ORG (ArcFour with HMAC/md5)

The list entries are the two basic SPN values (host/NetBIOSName & host/dNSHostName)
and the sAMAccountName value.  The UPN will be added as well if the machine has
one. This fixes 'kinit -k'.

Tested keytab using mod_auth_krb and MIT's telnet.  ads_verify_ticket()
continues to work with RC4-HMAC and DES keys.
 2007-10-10 11:19:15 -05:00
Günther Deschner
8fc70d0df0 r16115: Make "net ads changetrustpw" work again. 
(adapt to the new UPN/SPN scheme).

Guenther
 2007-10-10 11:17:21 -05:00
Jeremy Allison
53acf222a8 r3796: Patch from Jay Fenlason <fenlason@redhat.com>. Don't free static buffers. 
Jeremy.
 2007-10-10 10:53:18 -05:00
Jeremy Allison
ff4cb6b5e8 r3451: Finish off kerberos salting patch. Needs testing ! 
Jeremy.
 2007-10-10 10:53:07 -05:00
Andrew Bartlett
876e00fd11 Merge from HEAD - save the type of channel used to contact the DC. 
This allows us to join as a BDC, without appearing on the network as one
until we have the database replicated, and the admin changes the configuration.

This also change the SID retreval order from secrets.tdb, so we no longer
require a 'net rpc getsid' - the sid fetch during the domain join is sufficient.
Also minor fixes to 'net'.

Andrew Bartlett
 -
Andrew Bartlett
837680ca51 Merge from HEAD client-side authentication changes: 
- new kerberos code, allowing the account to change it's own password
   without special SD settings required
 - NTLMSSP client code, now seperated from cliconnect.c
 - NTLMv2 client code
 - SMB signing fixes

Andrew Bartlett
 -
Gerald Carter
65e7b5273b sync'ing up for 3.0alpha20 release -
Jelmer Vernooij
3928578b52 sync 3.0 branch with head -
Tim Potter
6a58c9bd06 Removed version number from file header. 
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
 -
Andrew Tridgell
7984ae0121 forgot to commit this file from remus -