CVS update: samba/source/rpc_client

abartlet at samba.org abartlet at samba.org
Mon Mar 24 20:54:12 EST 2003


Date:	Mon Mar 24 09:54:12 2003
Author:	abartlet

Update of /home/cvs/samba/source/rpc_client
In directory dp.samba.org:/tmp/cvs-serv20023/rpc_client

Modified Files:
      Tag: SAMBA_3_0
	cli_netlogon.c 
Log Message:
(merge from HEAD)

NTLM Authentication:

- Add a 'privileged' mode to Winbindd.  This is achieved by means of a directory
  under lockdir, that the admin can change the group access for.

- This mode is now required to access with 'CRAP' authentication feature.
- This *will* break the current SQUID helper, so I've fixed up our ntlm_auth
  replacement:
 - Update our NTLMSSP code to cope with 'datagram' mode, where we don't get a
   challenge.
 - Use this to make our ntlm_auth utility suitable for use in current Squid 2.5
   servers.
 - Tested - works for Win2k clients, but not Win9X at present.  NTLMSSP updates
   are needed.
 - Now uses fgets(), not x_fgets() to cope with Squid environment (I think 
   somthing to do with non-blocking stdin).

- Add much more robust connection code to wb_common.c - it will not connect to 
  a server of a different protocol version, and it will automatically try and 
  reconnect to the 'privileged' pipe if possible.
  - This could help with 'privileged' idmap operations etc in future.

- Add a generic HEX encode routine to util_str.c, 
- fix a small line of dodgy C in StrnCpy_fn()

- Correctly pull our 'session key' out of the info3 from th the DC.  This is 
  used in both the auth code, and in for export over the winbind pipe to 
  ntlm_auth.

- Given the user's challenge/response and access to the privileged pipe, 
  allow external access to the 'session key'.  To be used for MSCHAPv2 
  integration.  

Andrew Bartlett


Revisions:
cli_netlogon.c		1.69.2.4 => 1.69.2.5
	http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_client/cli_netlogon.c?r1=1.69.2.4&r2=1.69.2.5


More information about the samba-cvs mailing list