Age | Commit message (Collapse) | Author | Files | Lines |
|
supprisingly complex call...
It turns out that the in/out parameter 'level' is not in/out, but set
seperatly by the server-side code from r->req.req1.level.
This commit also breaks out some common code from samldb into samdb.
Andrew Bartlett
(This used to be commit 2eb9e6445c64840399171f4f56b1e43786dbcfa7)
|
|
(This used to be commit 40406355135d5bebd9dad27168ab695657271f4f)
|
|
metze
(This used to be commit 6d0c788f3dffb7a553464404ebd9c0487d668bc5)
|
|
metze
(This used to be commit 0777a8e749e8df88dd1b9f7be9e4f3012559243b)
|
|
Do not require an artificial ASN.1 context to be setup.
Simo.
(This used to be commit 14b3b9861ae47498c74a6643e6979b3d85260a61)
|
|
metze
(This used to be commit ebbd6263bbc30001e25603c5e4f45393b5fadb3d)
|
|
and we return the array as hexstring. this is always in the last
array member of the meppings array, and I is always 21 bytes long
w2k in mixed mode: FF0000000000000000000000000000000000000000
w2k3 in mixed mode: FF00000002A5DA73B101C43B449028E2F832FE466F
w2k3 in native mode: FF00000001635D94BDE62E2C4C9BAC9D6AFA4F69F8
I assume it's some kind of schema version...
metze
(This used to be commit db16f6382da50167b6cefdaeb8488b00a45fb928)
|
|
uint8_t arrays
with ber encoded oid's
metze
(This used to be commit bc13b3690166b29df246cc4778b378e9cf2a22d7)
|
|
transferred
in replication replies, but I don't know the exact encoding.
for example the oids are transferred as:
2.5.4 => uint8_t v[] = { 0x55, 0x04 };
2.5.5 => uint8_t v[] = { 0x55, 0x05 };
2.5.6 => uint8_t v[] = { 0x55, 0x06 };
2.5.18 => uint8_t v[] = { 0x55, 0x12 };
2.5.20 => uint8_t v[] = { 0x55, 0x14 };
2.5.21 => uint8_t v[] = { 0x55, 0x15 };
1.2.840.113556.1.2 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x02 };
1.2.840.113556.1.3 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x03 };
1.2.840.113556.1.4 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x04 };
1.2.840.113556.1.5 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x05 };
1.2.840.113556.1.5.7000 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x14, 0x01, 0x05, 0xb6, 0x58 };
1.2.840.113549.1.9 => uint8_t v[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09 };
2.16.840.1.113730.3 => uint8_t v[] = { 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x03 };
2.16.840.1.113730.3.1 => uint8_t v[] = { 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x03, 0x01 };
2.16.840.1.113730.3.2 => uint8_t v[] = { 0x60, 0x86, 0x48, 0x01, 0x86, 0xf8, 0x42, 0x03, 0x02 };
0.9.2342.19200300.100.1 => uint8_t v[] = { 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x01 };
0.9.2342.19200300.100.4 => uint8_t v[] = { 0x09, 0x92, 0x26, 0x89, 0x93, 0xf2, 0x2c, 0x64, 0x04 };
1.3.6.1.4.1.250.1 => uint8_t v[] = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x81, 0x7a, 0x01 };
1.3.6.1.4.1.1466.101.119=> uint8_t v[] = { 0x2b, 0x06, 0x01, 0x04, 0x01, 0x8b, 0x3a, 0x65, 0x77 };
if someone knows how the encoding works, please tell me:-)
I assume some ASN.1 encoding...
metze
(This used to be commit aa720a15319392fee5c532959192d0df5bf4c718)
|
|
metze
(This used to be commit 3d51ce92c272582e19046337ea6b8b2acd60997d)
|
|
metze
(This used to be commit 38ae6ce7b9b5dd733e4e838da04d1c570c450c97)
|
|
way to setup a Samba4 DC is to set 'server role = domain controller'.
We use the fSMORoleOwner attribute in the base DN to determine the PDC.
This patch is quite large, as I have corrected a number of places that
assumed taht we are always the PDC, or that used the smb.conf
lp_server_role() to determine that.
Also included is a warning fix in the SAMR code, where the IDL has
seperated a couple of types for group display enumeration.
We also now use the ldb database to determine if we should run the
global catalog service.
In the near future, I will complete the DRSUAPI
DsGetDomainControllerInfo server-side on the same basis.
Andrew Bartlett
(This used to be commit 67d8365e831adf3eaecd8b34dcc481fc82565893)
|
|
metze
(This used to be commit 4daa45f98a3bb6f3c245fe61e05681335ef8b5c6)
|
|
metze
(This used to be commit 3daa68e1c4212f1dad98b196a096ded3204b03ba)
|
|
metze
(This used to be commit 1b6621814ba83724e05c0c2bea28d6eb295a3655)
|
|
this wasn't noticed because on the 1st dc in the forest both have the
same value
metze
(This used to be commit 527bd9a0a361e19606e25e885b92da316e740bf9)
|
|
metze
(This used to be commit 3f1e88759cce7b05a117928efe73b353b28e8576)
|
|
http://msdn2.microsoft.com/en-us/library/ms676264.aspx
metze
(This used to be commit a52d5f6ed9d92890d2a677d9398450f355165de2)
|
|
request work correctly
- the error structures all have the same type
metze
(This used to be commit 3322dbd901106262b22db35e9ef455a08ac2867c)
|
|
metze
(This used to be commit 3e6264d872e4fc39a8e0712293492ad413345de9)
|
|
metze
(This used to be commit f79d3435936104813f9492a010c57ea99835702f)
|
|
avoid pushing the referred object twice) and add test for full pointers.
(This used to be commit 1638c8d234dbc85298000685e49570f23dfd0bf8)
|
|
duplicates later.
(This used to be commit 006ab1d4a449c81680add57e0116a86b8317fbfb)
|
|
- we don't need to add 'ref' explicit
- we some toplevel pointers need to be 'ptr' ('sptr' for now) pointers
metze
(This used to be commit c95cd82de29f4102d72030780da785bf28e0de9e)
|
|
(This used to be commit 92b8bde561277a6b83048ce003cc29ff1b380255)
|
|
a DC
metze
(This used to be commit df133cd22a350d422c49844e50a67f4cc1fb61e4)
|
|
(This used to be commit 48e6df59444a78dc268b84c5f94787de09d41908)
|
|
(This used to be commit 0221d5b6c4250a3a2c86c623c534996d7decb1f6)
|
|
(This used to be commit bd48f78b1d6dba73e44630ad930fd6089d2076b2)
|
|
- use the client_site when creating the server object
metze
(This used to be commit b02d0e1be343c7d609715237dc842702b6fbe231)
|
|
this also let wireshark match the responses
metze
(This used to be commit 9e52b0b9b59e2c8ee7b1242a191cc37e462842c1)
|
|
(This used to be commit 17c2557834aad8c85fb640054c942f99bbce1d94)
|
|
(This used to be commit 8768bec81f57131a0c9754e8121b345c0be4a5d0)
|
|
- remove ipv6 support untill the resolve layer can give ipv6 addresses
metze
(This used to be commit 1e518c3e675e6952044bc0fdf2537be432c0c56f)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
the build
for now.
(This used to be commit 1474f1a220d869c3c11dac038411149abe3e48fe)
|
|
(This used to be commit 347ae9628202ca4de4318ef8156999239aad9192)
|
|
places where this was currently not the case.
(This used to be commit 3894497a232df8cf0457c7439c9ae347f63f24a1)
|
|
libraries
works again now, by specifying --enable-dso to configure.
(This used to be commit 7a01235067a4800b07b8919a6a475954bfb0b04c)
|
|
as well?
The server side change is needed to fix a valgrind error, which was
possibly exploitable if the client sent deliberately bad data
(This used to be commit e3c04cf165fe15739197b2713e78046399aa7653)
|
|
a RPC-SECRETS on kerberos test still fails, but I'll let andrew take a
look at that later :)
(This used to be commit c260b175682c1cd95eaba958bfd9f054cb2547ea)
|
|
abstractions now.
Andrew Bartlett
(This used to be commit df31237c0cac0213c4f32fc491bcec2ea9f885c3)
|
|
file. Everybody calls this via the dcerpc_pipe_connect() or
dcerpc_pipe_connect_b() functions.
Andrew Bartlett
(This used to be commit 5ee0fc035179c76f1362547ccc500f8677c8fa1f)
|
|
length, use the amount the wapped message expanded by.
This works, because GSSAPI doesn't do AEAD (signing of headers), and
so changing the signature length after the fact is valid.
Andrew Bartlett
(This used to be commit bd1e0f679c8f2b9755051b8d34114fa127a7cf26)
|
|
to do, particularly with getting the detailed bit mappings right, and
on sid mapping. Does not pass RAW-ACLS yet
(This used to be commit b92553481b534d0ef5277dbfe8c0d64a03f819eb)
|
|
metze
(This used to be commit 5c766ad48d0790b7ae865408fd0dbdb1769da2d8)
|
|
(This used to be commit 9817cc235c5fd787855c60fa58f68b14f78cdb94)
|
|
to perform a lookup once, resolve the name to an IP, while still
communicating the full name to the lower layers, for kerberos etc.
This fixes 'net samdump', which was failing due to the schannel target
name being *smbserver.
Andrew Bartlett
(This used to be commit 0546f487f4cc99b5549dc1e457ea243d4bd66333)
|
|
quite a few of them (not sure if these are used actually).
rafal
(This used to be commit 1622d4608bc738b73d6f51c758828f96602b3e59)
|
|
rafal
(This used to be commit ec59441977205af9a38926b3d432ec0de6379573)
|