mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
samba-mirror/source4
Stefan Metzmacher bf8f8c592b s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names
authenticate_ldap_simple_bind*() needs to pass the
result of the cracknames operation into the auth stack
as user_info->client.{account,domain}_name, because
user_info->client.{account,domain}_name is also used
when forwarding the request via netrLogonSamLogon*
to a remote server, for exactly that the values are
also used in order to map an AUTH_PASSWORD_PLAIN into
AUTH_PASSWORD_RESPONSE, where the NTLMv2 response
contains the account and domain names passed in the
netr_IdentityInfo value.

Otherwise it would not be possible to forward the
LDAP simple bind authentication request to a remote
DC.

Currently this only applies to an RODC that forwards
the request to an RWDC.

But note that LDAP simple binds (as on Windows) only
work for users in the DC's forest, as the DsCrackNames
needs to work and it can't work for users of remote
forests. I tested that in a DC of a forest root domain,
it rejected the LDAP simple bind against a different forest,
but allowed it for a user of a child domain in the
same forest. The NTLMSSP bind worked in both cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184

(cherry picked from commit 40f2070d3b)

Autobuild-User(v4-16-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-16-test): Wed Mar 16 14:40:08 UTC 2022 on sn-devel-184
2022-03-16 14:40:08 +00:00
auth s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4names 2022-03-16 14:40:08 +00:00
cldap_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
client s4/cifsdd: don't ignore unknown options 2021-09-10 15:10:30 +00:00
cluster dbwrap: Remove calls to loadparm 2018-04-24 01:53:19 +02:00
dns_server s4:dns_server: Remove less-than-zero comparison of an unsigned value 2021-12-15 19:32:30 +00:00
dsdb s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit logging 2022-03-16 13:41:14 +00:00
echo_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
include lib: Remove global xfile.h includes 2016-11-20 06:23:19 +01:00
kdc s4:kdc: don't set mapped_state in auth_usersupplied_info for audit logging 2022-03-16 13:41:14 +00:00
ldap_server CVE-2021-3670 ldap_server: Clearly log LDAP queries and timeouts 2021-11-25 02:30:42 +00:00
lib s4/regtree: don't ignore unknown options 2021-09-10 15:10:30 +00:00
libcli s4: libcli: smbcli_unlink() is no longer used with wildcard patterns. 2021-12-09 18:06:35 +00:00
libnet s4:libnet: Allow libnet_SetPassword() for encrypted SMB connections 2021-08-03 09:28:38 +00:00
librpc blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test 2022-01-30 11:52:27 +00:00
nbt_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
ntp_signd s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
ntvfs librpc: Add named_pipe_auth_req_info5->transport 2021-12-10 14:02:30 +00:00
param libcli/smb: actually make use of "client/server smb3 signing algorithms" 2021-07-15 00:06:31 +00:00
rpc_server s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for audit logging 2022-03-16 13:41:14 +00:00
samba Happy New Year 2022! 2022-01-01 01:24:21 +00:00
script python: remove all 'from __future__ import print_function' 2021-04-28 03:43:34 +00:00
scripting gp: Apply Firewalld Policy 2021-11-01 21:16:43 +00:00
selftest selftest: use 'kdc enable fast = no' for fl2000 fl2003 2022-03-14 14:27:13 +00:00
setup CVE-2020-25722 blackbox/upgrades tests: ignore SPN for ldapcmp 2021-11-09 19:45:33 +00:00
smb_server s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_info 2022-03-16 13:41:14 +00:00
torture s4: torture: Add new SMB2 lease test test_lease_duplicate_open(). 2022-03-07 10:54:17 +00:00
utils s4:utils: Migrate oLschema2ldif to new cmdline option parser 2021-06-20 23:26:32 +00:00
winbind s3: Remove --log-stdout from daemons 2021-04-29 03:58:37 +00:00
wrepl_server s4: rename source4/smbd/ to source4/samba/ 2020-11-27 10:07:18 +00:00
.clang_complete
.valgrind_suppressions
wscript_build s4:client: Migrate cifsdd to new cmdline option parser 2021-06-16 00:34:38 +00:00