IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password. This ensures we do no
validation or filtering of the password before we get a chance to MD4
it. We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.
All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.
This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.
The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.
Andrew Bartlett
ldap server suddenly dies.
We were creating a wrong talloc hierarchy, so the event.fde was not
freed automatically as expected. This in turn made the event system call
the ldap io handlers with a null packet structure, causing a segfault.
Fix also the ordering in ldap_connection_dead()
Thanks to Metze for the huge help in tracking down this one.
We need to start signing when we got NT_STATUS_OK from the server
and manually check the signature of the servers response.
This is needed as the response might be signed with the krb5 acceptor subkey,
which comes within the server response.
With NTLMSSP this happens for the session setup:
request1 => BSRSPYL seqnum: 0
response1 => BSRSPYL seqnum: 0
request2 => BSRSPYL seqnum: 0
response2 => <SIGNATURE> seqnum: 1
and with krb5:
request1 => BSRSPYL seqnum: 0
response1 => <SIGNATURE> seqnum: 1
metze
Even if signing is mandatory.
With NTLMSSP this happens for the session setup:
request1 => BSRSPYL
response1 => BSRSPYL
request2 => BSRSPYL
response2 => <SIGNATURE>
and with krb5:
request1 => BSRSPYL
response1 => <SIGNATURE>
metze