Age | Commit message (Collapse) | Author | Files | Lines |
|
data to be signed/sealed. We can use this to split the data from the
signature portion of the resultant wrapped packet.
This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).
This fixes one of the krb5 issues in my list.
Andrew Bartlett
(This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
|
|
Andrew Bartlett
(This used to be commit b9695d5e7cc052a952d8d60bc1ab08e00f4827e8)
|
|
Andrew Bartlett
(This used to be commit 4969f86ac29aa1c4371a5cd01551f45c7fdb4cb2)
|
|
Don't dump the pac to x.dat (accidental commit).
Andrew Bartlett
(This used to be commit a798d76a4ad6c0cb280d4e03e9819702acb16f55)
|
|
other than arcfour-hmac-md5. Currently we still fail to verify other
signatures however.
Andrew Bartlett
(This used to be commit 2e5884fc2472c6bcc7e6e083c28a4da6b2f72af1)
|
|
metze
(This used to be commit 4f933165c22113adecf5f1b57927aa89f1715945)
|
|
(this happens with relative pointers)
metze
(This used to be commit 3ba227aafd75b88c26c6a3fde8d55aeb360e344f)
|
|
ndr_pull_data_blob() doesn't work correct. so make them exclute each other.
jelmer, tridge: does that look correct? it fixes a problem, abartlet had
with krb5pac.idl, where the align flags are inherited from the parent, and we want to get the
[flag(NDR_REMAINING)] DATA_BLOB signature;
metze
(This used to be commit b9ea3e8f9f85098b63081bf12e2be65687921874)
|
|
metze
(This used to be commit 517d0ded6b4dc7aabe48581fee5878637bc2a674)
|
|
should map to SEC_RIGHTS_FILE_READ, not READ|WRITE.
Jeremy.
(This used to be commit 26f63973e6207e3b5c3123f1326027ceac38966f)
|
|
Jeremy.
(This used to be commit da70b2ab2df6d8239811b12b471c578cbff6dca8)
|
|
metze
(This used to be commit 7492afa48db68ee29048f8e1a56ccff712a3d162)
|
|
metze
(This used to be commit b897ad39bb063ee9ca963bd9848837307739f792)
|
|
(This used to be commit e6842fcc9809bcf8de678199a6f28fbbde6c0b83)
|
|
(This used to be commit 0628dfa5c3c74614a86b4f61b8d1555ef41c41bb)
|
|
metze
(This used to be commit e44aca0a8eb41abbaa494d379dd61713dc57c4f3)
|
|
metze
(This used to be commit d8b84112bb40605b07a77ab5f7a44ac1807ccc59)
|
|
metze
(This used to be commit d6af241d7b1459d81479205356c7422c4dcca0fb)
|
|
then a .pidl file.
(This used to be commit d8a31d3048a6421a3d49d3c121bc86d748838b3a)
|
|
(This used to be commit 1caeb3238dac6321bde8e254a8efaf090b4d56b0)
|
|
(This used to be commit 05c020181560afd4e6957be29795536e2d83d71e)
|
|
(OpenBSD 3.7).
(This used to be commit cc24af6545b19ad7710c43399c396e1807f80eeb)
|
|
(This used to be commit db75b2da1ef9d8e926610d918953697dd346fe3b)
|
|
checks for getipnodeby*().
(This used to be commit 623c265312bdbf7a485f2b9a46fc79d2e53edb54)
|
|
Update pidl manpage
(This used to be commit a69e88e7b19b8f05222b54aea88395b51b96c003)
|
|
(This used to be commit 0c0a4b55cff4079276073060dae91ff0c19af42f)
|
|
(This used to be commit 045bce900ea0b864bf3ac2fe8c197d42c6d38a91)
|
|
rafal
(This used to be commit d6936185d5e4a85b188d5117d7a3b3d6bea2f96b)
|
|
(this is taken from the ethereal dissector)
metze
(This used to be commit c50f5fe33b0025edbf473d7c166dea9655e2d42f)
|
|
- use LIBCLI_WREPL for the winsreplication client code
- fix some dependencies
metze
(This used to be commit 7dd931ee5ac1408da8d14d00f43d19473e06871e)
|
|
- use this for the send_queue's of the different stream_servers
to not redefine the same struct so often, and it maybe will be used
in other places too
metze
(This used to be commit b6694f067ab7aff0ee303dbfe8a6e7fad801e7e9)
|
|
- only use -g if supported
- don't allow AC_PROG_C and friends to autoset the CFLAGS
(we don't want -g -02 by default..., maybe a configure option
for -OX could be useful...)
metze
(This used to be commit f3e0bf022f6a1d5de0d21eb7be3ec97f526fe631)
|
|
metze
(This used to be commit cd444bd6f0743cd5ba1d2b137c2411d3088ff6f0)
|
|
(don't use m4_regexp: use regexp or m4_bregexp)
metze
(This used to be commit 89149c06c9319a9ab1e1b411af3e931afa8035aa)
|
|
This fixes the
standalone pidl build (as used for ethereal)
(This used to be commit 9c9ebd2214423c58357854f09bd744e13e807d8f)
|
|
Andrew Bartlett
(This used to be commit c17926b6fe278fd757862885f82fd342b755167c)
|
|
use the MIPSPro 7.4 -c99 option to get C99 support. Try to find
a common perl that is more modern than /usr/bin/perl.
(This used to be commit 82fab8b747bf68d8548c6f0f2f4bff98bd428d22)
|
|
with an aim to make the code simpiler and more correct.
Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over
all keytypes)' code in gensec_krb5, we now follow the approach used in
gensec_gssapi, and use a keytab.
I have also done a lot of work in the GSSAPI code, to try and reduce
the diff between us and upstream heimdal. It was becoming hard to
track patches in this code, and I also want this patch (the DCE_STYLE
support) to be in a 'manageable' state for when lha considers it for
merging. (metze assures me it still has memory leak problems, but
I've started to address some of that).
This patch also includes a simple update of other code to current
heimdal, as well as changes we need for better PAC verification.
On the PAC side of things we now match windows member servers by
checking the name and authtime on an incoming PAC. Not generating these
right was the cause of the PAC pain, and so now both the main code and
torture test validate this behaviour.
One thing doesn't work with this patch:
- the sealing of RPC pipes with kerberos, Samba -> Samba seems
broken. I'm pretty sure this is related to AES, and the need to break
apart the gss_wrap interface.
Andrew Bartlett
(This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
|
|
(This used to be commit d99c9e2817fbbe2a0a34910672c8473889bc6176)
|
|
dissector compiling and linking. It's really an enum defined in
security.idl.
(This used to be commit b62811afcb85accf9ea0cf12f4b659cd9898e275)
|
|
a FT_UINT64. Not sure about a NTTIME_hyper though.
(This used to be commit 42568d3f286679656417301d1cf29d3f0cd71030)
|
|
(This used to be commit 5b8b956887f80e99894e5732568ee65d670aaa72)
|
|
return here.
Andrew Bartlett
(This used to be commit 73bd6c75343808952d97e32be9f624aba11c78d1)
|
|
support.microsoft.com/?kbid=832572
(It inhbits the generation of a PAC).
Andrew Bartlett
(This used to be commit 330f351085089cc8f72eb350ec8b017b35e7e59c)
|
|
(This used to be commit de9830979788528754175b17fe45477e6ce9ce9e)
|
|
'make clean gcov' to generate a set of files describing the test coverage
of the Samba 4 code.
(This used to be commit 72bb84add469ad4f027ddbd8d73bb846b0609fa2)
|
|
(This used to be commit 8d246fac49332426699e797f52ef694083b5e2ea)
|
|
'MEMORY_WILDCARD' keytab type. (part of this checking is in effect a
merge from lorikeet-heimdal, where I removed this)
This is achieved by correctly using the GSSAPI gsskrb5_acquire_cred()
function, as this allows us to specify the target principal, regardless
of which alias the client may use.
This patch also tries to simplify some principal handling and fixes some
error cases.
Posted to samba-technical, reviewed by metze, and looked over by lha on IRC.
Andrew Bartlett
(This used to be commit 506a7b67aee949b102d8bf0d6ee9cd12def10d00)
|
|
(This used to be commit c1e9fb24e1b53fb2c5ee6e32454350dff710c627)
|
|
(This used to be commit 0e358de93a007db921ad5e9a892114122254de39)
|