summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2008-08-28Further rework the RPC-PAC test.Andrew Bartlett2-35/+16
This would seem to match the documentation requirements for the PAC verfication over NETLOGON, but I can't get Win2k3 to accept it so far. Andrew Bartlett (This used to be commit acfa87f3411a61bdd9066fbbba2bcfbe2a60cbbe)
2008-08-28Heimdal provides Kerberos PAC parsing routines. Use them.Andrew Bartlett6-129/+243
This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
2008-08-28Don't wipe the PAC checksums, the caller may actually need them.Andrew Bartlett1-14/+0
(This used to be commit 9db5a966fce0b71a0d2167b4aff70cc081abc1cc)
2008-08-27Add missing file - netlogon.hAndrew Bartlett1-0/+6
This file allows the remote_pac.c code to call into netlogon.c's setup credentials code. Andrew Bartlett (This used to be commit 0343987cf18c1287d98ae542d397ab1fab0a04b7)
2008-08-27Add a test to explore Netlogon PAC validationAndrew Bartlett8-9/+263
However, I have still not figured out this protocol yet, and the docs are rather unclear... :-( Andrew Bartlett (This used to be commit d878643071a1477435a267e2944461d367cdfa79)
2008-08-27Put the internal gensec_gssapi state into a header.Andrew Bartlett2-43/+69
This will allow a torture suite to inspect some otherwise internal details. Andrew Bartlett (This used to be commit 9701149ef75f9771f42000e2b6f44963abfee938)
2008-08-27Fix the build on Win32, and use NEGOTIATE security (to allow kerberos)Andrew Bartlett2-2/+2
(This used to be commit f0bde093d76fe9d17a0709cf01fa7b70f1985c6b)
2008-08-27Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verifyAndrew Bartlett510-37923/+49833
(This used to be commit 32143287c7eb452c6ed9ccd15e8cd4e5a907b437)
2008-08-27Add definition for NT_STATUS_DOWNGRADE_DETECTEDAndrew Bartlett2-0/+2
(This used to be commit f6e227b72bb56d12cb270d76f7f458136c4ca160)
2008-08-26heimdal: add missing heimdal/lib/hcrypto/{evp-aes-cts.c,evp-hcrypto.c}, sorry...Stefan Metzmacher2-0/+453
metze (This used to be commit 0c4227e45d6b8e31a0219358042318e9d2a0b36d)
2008-08-26heimdal_build: include heimdal's new EVP code to fix the buildStefan Metzmacher2-1/+6
metze (This used to be commit f454342d48e1dce7dff0bcff246c7237bed94fd5)
2008-08-26heimdal: import heimdal's trunk svn rev 23697 + lorikeet-heimdal patchesStefan Metzmacher465-1953/+2747
This is based on f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo. metze (This used to be commit 467a1f2163a63cdf1a4c83a69473db50e8794f53)
2008-08-26heimdal_build: fix parse.h lex.c dependenciesStefan Metzmacher1-15/+12
metze (This used to be commit dbfbd1b018f7c29dde2e291cbb7bb54bf147a10e)
2008-08-26heimdal_build: autogenerate the heimdal private/proto headersStefan Metzmacher15-8824/+464
Now it's possible to just use a plain heimdal tree in source/heimdal/ without any pregenerated files. metze (This used to be commit da333ca7113f78eeacab4f93b401f075114c7d88)
2008-08-26heimdal_build: autogenerate table files in heimdal/lib/wind/Stefan Metzmacher34-26563/+46097
metze (This used to be commit f4cfba26aebb18fecdb50478bec9c07d4910ab3b)
2008-08-26heimdal_build: autogenerate heimdal/lib/roken/roken.hStefan Metzmacher1-0/+10
metze (This used to be commit 3ab59dc66fe2d40533a66ff786d0b2373eea1ab8)
2008-08-26heimdal_build: add fallback for AC_WARNING_ENABLE()Stefan Metzmacher2-1/+3
metze (This used to be commit 8d6d96898dcc948aa0ee004eaeb48dc847946361)
2008-08-26heimdal: remove unused old filesStefan Metzmacher3-510/+0
metze (This used to be commit 94cef56212d7d7c1150aea760dba24bda7190442)
2008-08-26heimdal_build: split heimdal/lib/asn1 file listsStefan Metzmacher1-14/+12
metze (This used to be commit d3e939bf75fb85cf0eb3551856e161e3e58c0031)
2008-08-26heimdal_build: split handwritten and generated hx509 file listsStefan Metzmacher1-3/+6
metze (This used to be commit 848067033c40c3a4681f196ac5da289cd488d962)
2008-08-26heimdal_build: split out gssapi_spnego and gssapi_krb5 file listsStefan Metzmacher1-51/+57
metze (This used to be commit 95135ade447e04329afa7581c66c4df8de63ca24)
2008-08-26heimdal_build: add a fake sqlite keytab implementationStefan Metzmacher2-2/+21
This remove a difference against lorikeet-heimdal. metze (This used to be commit 4314df3561dfe60228db0af220549300b0137c85)
2008-08-26heimdal_build: split glue.c into krb5 and gssapi partsStefan Metzmacher3-20/+33
metze (This used to be commit 1c7bb21bd85900206e9ad831bc4795c1f765a9aa)
2008-08-26kdc: move references to heimdal internals into heimdal_build/kpasswd-glue.hStefan Metzmacher2-2/+4
metze (This used to be commit 65057f17b0d9e83f1b775afdeb7ea91ce0e52cd1)
2008-08-26Revert "gsskrb5: add support for DCE_STYLE and des and des3 keys"Stefan Metzmacher2-64/+22
This reverts commit 86848dd0f217774faed81af8fbf68618013e20a1. This should come back via a merge from heimdal's trunk later. metze (This used to be commit 585e5360e2d9f722e80850eb86c3d4253530e8ba)
2008-08-26Revert "gsskrb5: always return an acceptor subkey"Stefan Metzmacher1-18/+4
This reverts commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8. This isn't strictly needed and will come back in the next merge from heimdal's trunk. metze (This used to be commit 8ed040c8c4bed082ab74ab267090b35bb57db3f3)
2008-08-26build: generate :: rules for automatic dependenciesStefan Metzmacher1-2/+2
metze (This used to be commit 66d8da17a4c3543e133452f9a87702a2a8fb609c)
2008-08-26Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verifyAndrew Bartlett1-2/+3
(This used to be commit 2a1adaa759d9201670519b3938109e13c0476a83)
2008-08-26Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartletAndrew Bartlett11-173/+802
(This used to be commit d7db5fe161429163a19d18c7e3045939897b9b2a)
2008-08-26Don't use lsa_Delete any more, as smbd now refuses it.Andrew Bartlett1-2/+3
(This used to be commit 8e1285a1ee60e3d3b7352ab7269d535c41916b46)
2008-08-26Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verifyAndrew Bartlett138-2946/+4837
(This used to be commit b706708210a05d6f10474a3cd2bbc550704d4356)
2008-08-26More LSA server and testuite work.Andrew Bartlett2-8/+63
- Implement QueryDomainInformationPolicy in Samba4 - Allow RPC-LSA to pass against Windows 2008 (which does not allow the Audit privilage to be removed) Andrew Bartlett (This used to be commit d94c7bbcd6eee6d975eac32a1d172f4164c97137)
2008-08-26Make RPC-LSA test deterministic with an msleep(200).Andrew Bartlett1-5/+8
(This used to be commit 914e1865aa9fba417f74a3abdd8b4b2659feb001)
2008-08-26Implement matching logic to Windows 2008 on handling of secrets.Andrew Bartlett1-16/+8
This is enforced by the new RPC-LSA test. Andrew Bartlett (This used to be commit da200ac64485fd9531b1aa048570c682b680b012)
2008-08-26Fix LSA server to pass more of RPC-LSA and match Windows 2008Andrew Bartlett1-17/+32
This fixes some info levels in the QueryTrustedDomainInfo call, and changes from implementing lsa_Delete to lsa_DeleteObject (which has an explicit close and reutrns a NULL handle). Andrew Bartlett (This used to be commit 1f12c368b2566b378a6c521c389b8b1bafbcf916)
2008-08-26Only allow the trust in the correct direction (per the flags).Andrew Bartlett1-3/+9
(This used to be commit 2c7195429411d68bc66f4100659c622df4f5a20a)
2008-08-26Update RPC-LSA to (almost) pass against Windows 2008.Andrew Bartlett3-72/+153
(This used to be commit a17cb558c23142e522de3ed56d65c7694477395f)
2008-08-25Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-localAndrew Bartlett54-1213/+2080
(This used to be commit a555334db67527b57bc6172e3d08f65caf1e6760)
2008-08-24fixed the data in SAVEFILE op in RAW-OFFLINEAndrew Tridgell1-1/+1
(This used to be commit 3441ea5df5b750442d17b90de73d392d2d802ab1)
2008-08-24show the bad data in RAW-OFFLINEAndrew Tridgell1-3/+10
also show the worst case latencies so far, matching tsm_torture (This used to be commit 5859bb337ce2ec5091425ebd02cad14c4da40457)
2008-08-23don't use zero data for the first file in RAW-OFFLINEAndrew Tridgell1-2/+2
the most likely bugs in HSM involve zero data, due to the dm_punch_hole() request (This used to be commit 330ab956ea7e0b344450eee60b1357d854fbef28)
2008-08-22disable the anr== tests until they are understoodAndrew Tridgell1-12/+13
(This used to be commit 6028404a9a9db64d4025ef6e685ee13c4aadca2e)
2008-08-22now that ldap integers are 32 bit, we need to put the right 32 bitAndrew Tridgell1-19/+19
value in for group type to avoid sign extension, otherwise we don't find the builtin groups (This used to be commit 9b558639395bd8209313bb7ed2e04821c83975a4)
2008-08-22fixed the DomainDNS searches in the netlogon codeAndrew Tridgell1-2/+2
(This used to be commit 7dce38f9897df02073132f18b1021e0d0636590c)
2008-08-22Merge commit 'origin/v4-0-test' into v4-0-testAndrew Tridgell3-21/+328
(This used to be commit 93cf0b3c7e6d8a4758c44519de51e51be89f76c7)
2008-08-22fixed the GUID and objectSID canonicalisation functionsAndrew Tridgell1-1/+3
(This used to be commit 115053ea7e70b067e7873668ed83f1f10908287d)
2008-08-22fixed a speellling erraAndrew Tridgell1-1/+1
(This used to be commit 3c058f50cc3b91d540feb51fb698d90565b2b7c9)
2008-08-22Merge branch 'abartlet-4-0-local' into v4-0-testAndrew Tridgell38-720/+1183
(This used to be commit 469fac2669991b130dec219e1a109a8b2ce224be)
2008-08-22fixed a problem with length limited ldap valuesAndrew Tridgell10-29/+48
The core ldb code for string matching assumed NULL terminated strings, whereas the anr module used data_blob_const() to effectively truncate a ldb_val by changing its length. The ldb code is supposed to be based around length limited blobs, not NULL terminated strings, so the correct fix was to change the string comparison functions to be length limited (This used to be commit 26c6aa5a80ffaf06fc33f30a6533f8f16ef538bc)
2008-08-22fixed error handling in ANR code Andrew Tridgell1-18/+24
when we can't process an ANR request we need to continue with the parse tree we were given, not a NULL tree (This used to be commit ed66feb80aac7432049fe9fd86a9232984587e17)