Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit 463982bf3f37bac67e1aaa488e4142d0ecc23307)
|
|
- We can now connect to hosts that follow the SPNEGO RFC, and *do not*
give us their principal name in the mechListMIC.
- The client code now remembers the hostname it connects to
- We now kinit for a user, if there is not valid ticket already
- Re-introduce clock skew compensation
TODO:
- See if the username in the ccache matches the username specified
- Use a private ccache, rather then the global one, for a 'new' kinit
- Determine 'default' usernames.
- The default for Krb5 is the one in the ccache, then $USER
- For NTLMSSP, it's just $USER
Andrew Bartlett
(This used to be commit de5da669397db4ac87c6da08d3533ca3030da2b0)
|
|
introduced by the "compiler warning fix" in rev 1460...
metze
(This used to be commit ffb7ba35cdb2fb19b8271a3585eef075948bef9c)
|
|
- Spelling - it's SPNEGO, not SPENGO
- SMB signing - Krb5 logins are now correctly signed
- SPNEGO - Changes to always tell GENSEC about incoming packets, empty or not.
Andrew Bartlett
(This used to be commit cea578d6f39a2ea4a24e7a0064c95193ab6f6df7)
|
|
Andrew Bartlett
(This used to be commit 10a973da88441b255eda7cbc263ef5c4f2f0fcae)
|
|
the capabilities in the union smb_sesssetup should be used to decide
if we can use extented security
metze
(This used to be commit e3760fcc17cc645d942f0fc7f7325976391309ea)
|
|
so I set 'use spnego = True'
metze
(This used to be commit e06898f88c82c286574f9d73de1a9de829b1ded8)
|
|
metze
(This used to be commit 38e00f87191b86901b603e66aec1e7e71f74c29f)
|
|
code
set lp_use_spnego = False, because I can't get it working yet
but I commit it so others can help me
metze
(This used to be commit 2445cceba9ab9bd928c8bc50927a39509e4526b0)
|
|
(This used to be commit de5984c95602ca67e8ac3139c3aa4330b74266e0)
|
|
I have moved the SPNEGO and Kerberos code into libcli/auth, and intend
to refactor them into the same format as NTLMSSP.
Andrew Bartlett
(This used to be commit 58da78a7460d5d0a4abee7d7b84799c228e6bc0b)
|
|
signing
mistakes.
Jeremy.
(This used to be commit 5c3a2417cfe1bdbdfb35d933d49f77f6696790b3)
|
|
metze
(This used to be commit 57151e80eb1090281401930c8fe25b20a8cf3a38)
|
|
metze
(This used to be commit 9f914e4af99e18b469d4cf9d8b1514a2bd28ddec)
|
|
metze
(This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
|
|
(This used to be commit 66eb46dbb1486c5916194bf6b303cf16373a272a)
|
|
(This used to be commit 8b6c048a02b4be0ba9c67ed82973041dccdd5c51)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|
|
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
|
|
Andrew Bartlett
(This used to be commit 62eef851fd79b2739b93b4ed7829514a3dcbf1d0)
|
|
- This required using NETLOGON_NEG_AUTH2_FLAGS for the
SetupCredentials2 negotiation flags, which is what Samba3 does,
because otherwise the server uses different crypto.
- This tests the returned session keys, which we decrypt.
- Update the Samba4 notion of a 'session key' to be a DATA_BLOB in
most places.
- Fix session key code to return NT_STATUS_NO_SESSION_KEY if none is
available.
- Remove a useless argument to SMBsesskeygen_ntv1
- move netr_CredentialState from the .idl to the new credentials.h
Andrew Bartlett
(This used to be commit 44f8b5b53e6abd4de8a676f78d729988fadff320)
|
|
request (a dead socket). I discovered this when testing against Sun's
PC-NetLink.
cleaned up the naming of some of the samr requests
add IDL and test code for samr_QueryGroupMember(),
samr_SetMemberAttributesOfGroup() and samr_Shutdown(). (actually, I
didn't leave the samr_Shutdown() test in, as its fatal to windows
servers due to doing exactly what it says it does).
(This used to be commit 925bc2622c105dee4ffff809c6c35cd209a839f8)
|
|
rare thing, a non-length string (ie. not a WIRE_STRING) but a null
terminated char string. There wasn't a good interface to pull that
out of a blob (all the string interfaces assumed WIRE_STRINGS). Added
a new one, only used for this call. Sucks, I know - but the alternatives
suck more. Added tests for some of the unix info returned.
Jeremy.
(This used to be commit 4d0ed04c54b105789ffd32334c3b0e544f02418c)
|
|
Jeremy.
(This used to be commit a25ae9addbb362abf67a0cbd6e62bf4cbe06d8b7)
|
|
added ldbedit, a _really_ useful command
added ldbadd, ldbdel, ldbsearch and ldbmodify to build
solved lots of timezone issues, we now pass the torture tests with
client and server in different zones
fixed several build issues
I know this breaks the no-LDAP build. Wait till I arrive in San Jose for that
fix.
(This used to be commit af34710d4da1841653624fe304b1c8d812c0fdd9)
|
|
in various crypto
routines
(This used to be commit f6cf9020c8899e784385ea0e14fa465685441ee6)
|
|
acting as a cifs redirectory (using the cifs backend)
(This used to be commit 06a8100e6a2f3f079af5b6ec32d87d1d25f56c3c)
|
|
- always use the 14 word writex varient even for small transfers as
long as large offsets are negotiated (this matches windows
behaviour)
- make sure we fill in the top 16 bits of the count for large writex
calls
(This used to be commit 9ea20d0c9a1cb4800f3f54195cbbe70c98c8e423)
|
|
is lost. We now close the cli_transport when there is a socket io
error
(This used to be commit 138cb5f2f5f8ce1479ac687d18e6a0e355e55b7f)
|
|
ldap and krb5 configure tests
libads/*.c and libcli/raw/clikrb5.c from 3.0
metze
(This used to be commit 64b5bfcd73d7626d6f687a641b11e64821144df7)
|
|
* fixed the handling of anonymous logins
(This used to be commit 7cbc4ad8710ad33387145bfc9974d0ed4b0fb231)
|
|
passes in NULL.
(This used to be commit b63ebaa770940a276ab63583a13d8cc349b6efe6)
|
|
This adds support for bigendian rpc in the client. I have installed
SUN pcnetlink locally and am using it to test the samba4 rpc
code. This allows us to easily find places where we have stuffed up
the types (such as 2 uint16 versus a uint32), as testing both
big-endian and little-endian easily shows which is correct. I have now
used this to fix several bugs like that in the samba4 IDL.
In order to make this work I also had to redefine a GUID as a true
structure, not a blob. From the pcnetlink wire it is clear that it is
indeed defined as a structure (the byte order changes). This required
changing lots of Samba code to use a GUID as a structure.
I also had to fix the if_version code in dcerpc syntax IDs, as it
turns out they are a single uint32 not two uint16s.
The big-endian support is a bit ugly at the moment, and breaks the
layering in some places. More work is needed, especially on the server
side.
(This used to be commit bb1af644a5a7b188290ce36232f255da0e5d66d2)
|
|
IPC IO routines and the dcerpc endpoint servers.
(This used to be commit 4929c53bc8dddda8a763fdfbcf81a79776d01113)
|
|
more like the other major SMB functions
* added SMBntrename code
(This used to be commit f2d3dc9893fa0e089c407fa16ce9ff13587e70cd)
|
|
(This used to be commit 8246e6ca0bd0eaa92de602db46a119d368e93391)
|
|
(This used to be commit 48028fbb856ea7ee642f36ba9ed0d5815763f52b)
|
|
(This used to be commit 4dcc06d04c67c6e063c5b2a88f693423c77f342d)
|
|
using the [relative] property
this also fixes level3 of PrinterInfo (a relative secdesc)
(This used to be commit d5a15257fdd5f6cfe2706765a7c29f623ec1c6f8)
|
|
for OpenPrinter was wrong.
(This used to be commit 186ddbbf8774d0960852ea9186c8e4e6f7be7a0f)
|
|
- updated lsa parse code from pidl
(This used to be commit 3983b2aee77b0e093847bfc02e02b83ab281f5dd)
|
|
files around, but also added the first bits of auto-generated code for
the lsa pipe.
I haven't updated the Makefile to call pidl yet, so for now the code
was cut-and-pasted into librpc/ndr/ndr_lsa.c manually
(This used to be commit 6b222d3b6541ee74cf8bf3f0913cd444903ca991)
|
|
(This used to be commit ca5f0ccb6cd10d51c96a5cd8e0cd97d50cbb9a73)
|
|
(This used to be commit 25a8692fede323b53240192e5d349b39fe0b7342)
|
|
using any of the old lsa code
(This used to be commit f5bd301ff7befa223a1d761a37ae8f7ce7f1fcd1)
|
|
(This used to be commit f51a216136b7cc7d4d07d4acb80e0a710d82841a)
|
|
successfully used SourceData with 200M of data in rpcecho
(This used to be commit a9aa7954fe84c925bb158af8b73aa71b7ea84e2b)
|
|
successful LSA OpenPolicy using smbtorture
(This used to be commit e925c315f55905060fcca1b188ae1f7e40baf514)
|