Age | Commit message | Author | Files | Lines
2008-09-08 | Simplify SetSecrets behaviour in line with RPC-LSA and Win2008. | Andrew Bartlett | 1 | -51/+64
(This used to be commit 07cb8db799cc22685af4bb63285fa10115790ce1)
2008-09-08 | Try to implement the right logic for systemFlags | Andrew Bartlett | 1 | -0/+37
The MS-ADTS document has quite detailed instructions on how these flags should be processed. This change also causes the correct sign-wrapping to occur, as these are declared as signed integers. Andrew Bartlett (This used to be commit 5c3d237a6d721dc75166bdc5ac0c6e76a4495bf7)
2008-09-08 | Don't expose passwords, even to the administrator. | Andrew Bartlett | 1 | -1/+14
This ensures they don't leak over LDAP, but does not prevent access, as ldbsearch locally still bypasses these controls. Andrew Bartlett (This used to be commit fa3f3bab33001770a9d7e33875bf212636f6c128)
2008-09-08 | More work towards trusted domains support in Samba4's LSA | Andrew Bartlett | 3 | -54/+327
Make 'lsar_CreateTrustedDomain' consistent with lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle. Implement LSA server logic to create the cn=users trust account for incoming trusts. Andrew Bartlett (This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)
2008-09-06 | Remove <tab> in OpenLDAP MMR config | Oliver Liebel | 1 | -1/+0
Signed-off-by: Andrew Bartlett <abartlet@samba.org> (This used to be commit 80f31c3272b8bc803629c27357033fd325529db1)
2008-09-06 | Make SMB signing work with Windows 2008 and kerberos. | Andrew Bartlett | 1 | -4/+1
Pinched from b53e6387e30010509034835acf88b91b380ff44a by metze. Andrew Bartlett (This used to be commit d55602e23e7947462cb402b20b2d354b96aa7ba3)
2008-09-05 | Add a new error code | Andrew Bartlett | 2 | -0/+2
(This used to be commit b52fba5b2c63a24acbfc7e3e989c16b691d98162)
2008-09-05 | Update copyright | Andrew Bartlett | 1 | -1/+1
(This used to be commit edea162a0e11f03b4b6069388abbca099f097386)
2008-09-05 | Update copyright, I've been working here many long years... | Andrew Bartlett | 1 | -1/+1
(This used to be commit 842ab594124198453fc88f46ab83b712a7d34dc1)
2008-09-05 | Move our DC to implement mandatory signing. | Andrew Bartlett | 2 | -4/+10
(this does not change the file server role, and only really changes what 'server signing = auto' means) Optional signing really isn't any benefit to network security. In doing so, allow anonymous clients (if permitted by policy) to log in without signing, as Samba3 does not sign these connections (which would use an all-zero key, so pointless). Andrew Bartlett (This used to be commit 468bf839c500ed1a26ab9a358ee64a4c0a695797)
2008-09-05 | With a windows 2008 client, even anonymous requires signing... | Andrew Bartlett | 1 | -6/+0
Andrew Bartlett (This used to be commit a89f9818180e8fb868975c444c4d0e5aaa8d4e79)
2008-09-04 | More work to implement LSA CreateTrustedDomainEx2 | Andrew Bartlett | 3 | -11/+63
We still don't get the format inside the encrypted blob correct however. Andrew Bartlett (This used to be commit 99a3abda09716c064b3e9a37c4a79a8f62444eca)
2008-09-04 | Merge commit 'origin/v4-0-test' into trusted-domains | Andrew Bartlett | 9 | -63/+62
(This used to be commit b599b83a13db90b50a5422ff73daa63648b1e8cd)
2008-09-03 | Regenerate SWIG file. | Jelmer Vernooij | 3 | -12/+32
(This used to be commit e8ba65c4db986fcedf7008d05d8f8846f78a98f1)
2008-09-03 | Avoid using version call for version string. | Jelmer Vernooij | 3 | -33/+4
(This used to be commit 1897cef508c8bea817c510bd9023d794cb983864)
2008-09-03 | Allow overriding shared library policy using environment variable. | Jelmer Vernooij | 1 | -2/+4
(This used to be commit d5c61f470d7aa6dd0e5a22e8718d53a69cbbc239)
2008-09-03 | Fix embedding of Samba 4. | Jelmer Vernooij | 3 | -17/+23
(This used to be commit 3862f3132549332e0a44fad65d7c49a27e1dbd4a)
2008-09-03 | Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet | Andrew Bartlett | 8 | -42/+428
(This used to be commit 9590805bcbdd1924eda5a69978ffac7ec7603451)
2008-09-03 | Implement NETLOGON PAC verification on the server-side | Andrew Bartlett | 6 | -38/+164
This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon. Andrew Bartlett (This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
2008-09-03 | Merge krb5_cksumtype_to_enctype from Heimdal svn -r 23719 | Andrew Bartlett | 1 | -32/+70
(This used to be commit cc1df3c002e6af25add3c8ae20e7efc2ab6f2fa8)
2008-09-03 | Test a few more error cases in RPC-PAC | Andrew Bartlett | 1 | -2/+179
(This used to be commit 50502b3b8faf89cf5ad396102f4fe80eaa213908)
2008-09-02 | Start testing CreateTrustedDomainEx2 | Andrew Bartlett | 1 | -1/+108
Andrew Bartlett (This used to be commit 91ae8dca254aa8c032daf0c87fa2a47760d32586)
2008-09-02 | Share IDL between the LSA and drsblob representations of trusts | Andrew Bartlett | 2 | -41/+51
(This used to be commit e5520706c88911c66b3ce5817e371900212ca083)
2008-09-01 | Follow MS-LSAD 3.1.4.7.12 and set defaults when creating a trust. | Andrew Bartlett | 2 | -3/+24
Also check we get the defaults correct with a query in the torture suite. Andrew Bartlett (This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
2008-08-29 | Start implementing the server-side NETLOGON PAC verification. | Andrew Bartlett | 1 | -1/+46
(This used to be commit 8741e8fee619cccd84f2f10e00426df1d4f34074)
2008-08-29 | It turns out that the Netlogon PAC verification is encrypted. | Andrew Bartlett | 3 | -3/+12
This test now passes against Win2k3, and an implementation in the Samba4 server should follow shortly. Andrew Bartlett (This used to be commit c6b8ba893dd3ed90bca32c0ae89fd33be729c238)
2008-08-29 | Update packaging per suggestions on the review | Andrew Bartlett | 2 | -6/+53
Also make the build more C++ friendly with a patch from Brad Hards. Andrew Bartlett (This used to be commit 1367b94c8fb421dd517e7e8044af7606a4693365)
2008-08-28 | Further rework the RPC-PAC test. | Andrew Bartlett | 2 | -35/+16
This would seem to match the documentation requirements for the PAC verification over NETLOGON, but I can't get Win2k3 to accept it so far. Andrew Bartlett (This used to be commit acfa87f3411a61bdd9066fbbba2bcfbe2a60cbbe)
2008-08-28 | Heimdal provides Kerberos PAC parsing routines. Use them. | Andrew Bartlett | 6 | -129/+243
This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where it was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
2008-08-28 | Don't wipe the PAC checksums, the caller may actually need them. | Andrew Bartlett | 1 | -14/+0
(This used to be commit 9db5a966fce0b71a0d2167b4aff70cc081abc1cc)
2008-08-27 | Add missing file - netlogon.h | Andrew Bartlett | 1 | -0/+6
This file allows the remote_pac.c code to call into netlogon.c's setup credentials code. Andrew Bartlett (This used to be commit 0343987cf18c1287d98ae542d397ab1fab0a04b7)
2008-08-27 | Add a test to explore Netlogon PAC validation | Andrew Bartlett | 8 | -9/+263
However, I have still not figured out this protocol yet, and the docs are rather unclear... :-( Andrew Bartlett (This used to be commit d878643071a1477435a267e2944461d367cdfa79)
2008-08-27 | Put the internal gensec_gssapi state into a header. | Andrew Bartlett | 2 | -43/+69
This will allow a torture suite to inspect some otherwise internal details. Andrew Bartlett (This used to be commit 9701149ef75f9771f42000e2b6f44963abfee938)
2008-08-27 | Fix the build on Win32, and use NEGOTIATE security (to allow kerberos) | Andrew Bartlett | 2 | -2/+2
(This used to be commit f0bde093d76fe9d17a0709cf01fa7b70f1985c6b)
2008-08-27 | Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into pac-verify | Andrew Bartlett | 510 | -37923/+49833
(This used to be commit 32143287c7eb452c6ed9ccd15e8cd4e5a907b437)
2008-08-27 | Add definition for NT_STATUS_DOWNGRADE_DETECTED | Andrew Bartlett | 2 | -0/+2
(This used to be commit f6e227b72bb56d12cb270d76f7f458136c4ca160)
2008-08-26 | heimdal: add missing heimdal/lib/hcrypto/{evp-aes-cts.c,evp-hcrypto.c}, sorry... | Stefan Metzmacher | 2 | -0/+453
metze (This used to be commit 0c4227e45d6b8e31a0219358042318e9d2a0b36d)
2008-08-26 | heimdal_build: include heimdal's new EVP code to fix the build | Stefan Metzmacher | 2 | -1/+6
metze (This used to be commit f454342d48e1dce7dff0bcff246c7237bed94fd5)
2008-08-26 | heimdal: import heimdal's trunk svn rev 23697 + lorikeet-heimdal patches | Stefan Metzmacher | 465 | -1953/+2747
This is based on f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo. metze (This used to be commit 467a1f2163a63cdf1a4c83a69473db50e8794f53)
2008-08-26 | heimdal_build: fix parse.h lex.c dependencies | Stefan Metzmacher | 1 | -15/+12
metze (This used to be commit dbfbd1b018f7c29dde2e291cbb7bb54bf147a10e)
2008-08-26 | heimdal_build: autogenerate the heimdal private/proto headers | Stefan Metzmacher | 15 | -8824/+464
Now it's possible to just use a plain heimdal tree in source/heimdal/ without any pregenerated files. metze (This used to be commit da333ca7113f78eeacab4f93b401f075114c7d88)
2008-08-26 | heimdal_build: autogenerate table files in heimdal/lib/wind/ | Stefan Metzmacher | 34 | -26563/+46097
metze (This used to be commit f4cfba26aebb18fecdb50478bec9c07d4910ab3b)
2008-08-26 | heimdal_build: autogenerate heimdal/lib/roken/roken.h | Stefan Metzmacher | 1 | -0/+10
metze (This used to be commit 3ab59dc66fe2d40533a66ff786d0b2373eea1ab8)
2008-08-26 | heimdal_build: add fallback for AC_WARNING_ENABLE() | Stefan Metzmacher | 2 | -1/+3
metze (This used to be commit 8d6d96898dcc948aa0ee004eaeb48dc847946361)
2008-08-26 | heimdal: remove unused old files | Stefan Metzmacher | 3 | -510/+0
metze (This used to be commit 94cef56212d7d7c1150aea760dba24bda7190442)
2008-08-26 | heimdal_build: split heimdal/lib/asn1 file lists | Stefan Metzmacher | 1 | -14/+12
metze (This used to be commit d3e939bf75fb85cf0eb3551856e161e3e58c0031)
2008-08-26 | heimdal_build: split handwritten and generated hx509 file lists | Stefan Metzmacher | 1 | -3/+6
metze (This used to be commit 848067033c40c3a4681f196ac5da289cd488d962)
2008-08-26 | heimdal_build: split out gssapi_spnego and gssapi_krb5 file lists | Stefan Metzmacher | 1 | -51/+57
metze (This used to be commit 95135ade447e04329afa7581c66c4df8de63ca24)
2008-08-26 | heimdal_build: add a fake sqlite keytab implementation | Stefan Metzmacher | 2 | -2/+21
This removes a difference against lorikeet-heimdal. metze (This used to be commit 4314df3561dfe60228db0af220549300b0137c85)
2008-08-26 | heimdal_build: split glue.c into krb5 and gssapi parts | Stefan Metzmacher | 3 | -20/+33
metze (This used to be commit 1c7bb21bd85900206e9ad831bc4795c1f765a9aa)