Age | Commit message (Collapse) | Author | Files | Lines |
|
Administrator, not Domain Admins in general).
Guenther
(This used to be commit abad44a57dfdf492f548c05a897af341ba0f5e68)
|
|
(merge from Samba 3).
Guenther
(This used to be commit fa1127c5456fd112568e929e409953dcd3cb2e21)
|
|
metze
(This used to be commit fbd78b6272eaca4b89071139e4b34cbdd15ed644)
|
|
metze
(This used to be commit 7f1de54c84f86c292833c7e66ab2699ee4f83c52)
|
|
metze
(This used to be commit ae559920e1d227e4e787fe34d908a965b922b284)
|
|
metze
(This used to be commit 2acf203949998f3ca2423a8535302a777accacb7)
|
|
seperate file
metze
(This used to be commit 3c8bc98c1bc654287a3a16277c7c63c476ddfff4)
|
|
- add some comments
metze
(This used to be commit e1611b622184b48d2cef1eff2646a09f9e691f9b)
|
|
metze
(This used to be commit d003654b1c1cbc00602e994b83f40fcfcf349596)
|
|
metze
(This used to be commit 7cf1423bc850aca93453d337b49ba593a034000d)
|
|
metze
(This used to be commit 7b284174aa36fdd5d6841dab4934f1f6ecfba4ce)
|
|
metze
(This used to be commit 252d5edfb5b4c2a32f943e881f19b61698e9662f)
|
|
metze
(This used to be commit 082f418fab867e1ca5ab9418514d5578a069eebb)
|
|
ldb_msg_add_steal_value().
These try to maintain the talloc heirachy, which must be correct
otherwise talloc_steal operations of entire attribute lists fails.
This fixes the currentTime value, found by using Microsoft's dcdiag
tool (before this commit, it pointed to invalid memory, due to the
changes in -r 13606)
Andrew Bartlett
(This used to be commit 424df1bb369fddcfd358cf26dd0da9d3851d181e)
|
|
The module was just used to get to the ldb so it was meningless.
Also add LDB_WAIT_ONCE e relative code in ldb_ildap.c
(This used to be commit d5b467b7c132b0bd4d23918ba7bf3370b1afcce8)
|
|
Currently only ldb_ildap is async, the plan
is to first make all backend support the async calls,
and then remove the sync functions from backends and
keep the only in the API.
Modules will need to be transformed along the way.
Simo
(This used to be commit 1e2c13b2d52de7c534493dd79a2c0596a3e8c1f5)
|
|
The problem was that the supportedControls were being stolen into the
result sent to the client, then talloc_free()ed. This caused them to
be invalid on the next rootDSE query.
This also tries to avoid attaching the result to the long-term samdb
context, and avoids an extra loop in the result processing (pointed
out by tridge).
Andrew BARtlett
(This used to be commit d0b8957f38fda4d84a318d6121ad87ba53a9ddb3)
|
|
Andrew Bartlett
(This used to be commit b0e7a58cc9e513240c117ad5464c613c7b62410d)
|
|
and testing ...
(This used to be commit 8483f61a1df0c80f3385b1ab5a2628c2a97d41a2)
|
|
this.
This tries to ensure that when we are a client, we cope with mechs
(like GSSAPI) that only abort (unknown server) at first runtime.
Andrew Bartlett
(This used to be commit cb5d18c6190fa1809478aeb60e352cb93c4214f6)
|
|
credentials.
Consistantly rename these elements in the IDL to computer_name.
Fix the server-side code to always lookup by this name.
Add new, even nastier tests to RPC-SCHANNEL to prove this.
Andrew Bartlett
(This used to be commit 341a0abeb4a9f88d64ffd4681249cb1f643a7a5a)
|
|
(This used to be commit 06ddac2bb1899937b79e3bf89cb84c750c3ce4c5)
|
|
(This used to be commit cbbc0d7cc4f589235d209011bdb0a0401b492d9e)
|
|
(This used to be commit 2b3d56e153b229119fddfa7b378f4d671ee0092c)
|
|
rafal
(This used to be commit 7dde77942bfcb73dfdd7a9840d3ba2a984c05064)
|
|
rafal
(This used to be commit 9ef2275f6179869f2683e96c6f91d9569a6360c8)
|
|
Now, each rpc interface (named pipe, tcp/ip, lrpc and unix
socket) works asynchronously.
Comments to follow.
rafal
(This used to be commit 789f9d43db7ea59e79d5aa498e2e9fd077448825)
|
|
Andrew Bartlett
(This used to be commit 273cb8fd4288f7bf15e0bcad9f6a4cbf4f142b24)
|
|
same time.
This was causing the kdc to shut itself down if 'bind interfaces only = no'.
Andrew Bartlett
(This used to be commit 02ff22a25050687478cfcca4dce35c2346cc2241)
|
|
make it possible to code the difference between a zero length and a NULL DATA_BLOB...
metze
(This used to be commit 54f0b19c55df8ad3882f31a114e2ea0e4cf940ae)
|
|
(prepare the next commit)
metze
(This used to be commit a1bbf7f2982185cb6cd544b65b4709ab33a850c5)
|
|
initialize
them for the internal use...
found by 'make valgrindtest'
metze
(This used to be commit 1db9501c5261a974c6da1938537c7991ff6cfefd)
|
|
specifically ask for iface_n_bcast() and have to check if it returns
NULL, in which case it is a non-broadcast interface
(This used to be commit d004e250b6710251ea089ac242775481f13b5c2b)
|
|
calculation code. This was originally done in 1997, and has been
morphed a lot since then, but fred should still get credit
(This used to be commit 172e41596fb3b4d2768d6885aea43295cc2f81c1)
|
|
We do need the gsskrb5_get_initiator_subkey() routine. But we should
ensure that we do always get a valid key, to prevent any segfaults.
Without this code, we get a different session key compared with
Win2k3, and so kerberised smb signing fails.
Andrew Bartlett
(This used to be commit cfd0df16b74b0432670b33c7bf26316b741b1bde)
|
|
Andrew Bartlett
(This used to be commit b90959f7968ebbfc82ac55d4775d5574b1fc6925)
|
|
Andrew Bartlett
(This used to be commit e1de45bce47292eef1f9c56ea5576c0436e6151d)
|
|
isn't every parameter on NTLMSSP, but it is most of the important
ones.
This showed up that we had the '128bit && LM_KEY' case messed up.
This isn't supported, so we must look instead at the 56 bit flag.
Andrew Bartlett
(This used to be commit 990da31b5f63f1e707651af8bf1a3241a8309811)
|
|
NTLM2 signing code.
Andrew Bartlett
(This used to be commit 16e5c968756c40b8595503da47a1adb9cb09c447)
|
|
We were causing mayhem by weakening the keys at the wrong point in time.
I think this is the correct place to do it. The session key for SMB
signing, and the 'smb session key' (used for encrypting password sets)
is never weakened.
The session key used for bulk data encryption/signing is weakened.
This also makes more sense, when we look at the NTLM2 code.
Andrew Bartlett
(This used to be commit 3fd32a12094ff2b6df52f5ab2af7c0ffceb5a4a0)
|
|
encryption behaviour.
Andrew Bartlett
(This used to be commit 2b3b2f33a4c531f2b0f65521cc352e6d762e95bd)
|
|
Andrew Bartlett
(This used to be commit f075497926f3b8131bf8427ee3a3d5c9e5ee77d7)
|
|
just NTLMSSP.
Andrew Bartlett
(This used to be commit 3e96975d910496db87e8e34e310f0f6d283210bf)
|
|
Andrew Bartlett
(This used to be commit 04e2fe8b6d293092af86a54215c1fa037bbb20e9)
|
|
emulate the behaviour of XP standalone if required).
Andrew Bartlett
(This used to be commit 7f821097fbdbc9f35d96e05f85cf008f36c0eea3)
|
|
The new RPC-SCHANNEL test shows that the full credentials state must
be kept in some shared memory, for some length of time. In
particular, clients will reconnect with SCHANNEL (after loosing all
connections) and expect that the credentials chain will remain in the
same place.
To achive this, we do the server-side crypto in a transaction,
including the fetch/store of the shared state.
Andrew Bartlett
(This used to be commit 982a6aa871c9fce17410a9712cd9fa726025ff90)
|
|
included in his last commit
(This used to be commit 487b374b4359b2cb5f4e249e595c43bfa568a853)
|
|
error (ie. zero is not an error).
(This used to be commit 1ab4674196b9df0b2b7b6eb4991358cc2f86c0d9)
|
|
we aren't linked against a C99 vsnprintf.
(This used to be commit 23782f899aaa5fe488d86d5e67e91be99ff7a146)
|
|
the form //server/share (ie. remote path missing).
(This used to be commit 443677f58d4ba8d6aa2963ca5848d3e717ee2cac)
|