Age | Commit message (Collapse) | Author | Files | Lines |
|
when the input is invalid
metze
(This used to be commit 1083204c1f89d9b918015113b6cc2ea423372fe0)
|
|
metze
(This used to be commit a34d0771ce60d4c590c8bc14449cc23d31a6dd2c)
|
|
(This used to be commit 59d4450453c25f5cce9b67b808ff0c4433c1d194)
|
|
(This used to be commit 8a0a8d259dfc517a96053404985f2996b7342713)
|
|
(This used to be commit aeb42a446b3c28c5cf6800606b3f9b70c49cb94b)
|
|
(This used to be commit 231d01a3e79b26884409d24d8e25fc4ab8567d89)
|
|
level (required for signature verification).
Andrew Bartlett
(This used to be commit 76c224f28885759daae45e02a7637f2451dc84d3)
|
|
data to be signed/sealed. We can use this to split the data from the
signature portion of the resultant wrapped packet.
This required merging the gsskrb5_wrap_size patch from
lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no
longer use a static 45 byte value).
This fixes one of the krb5 issues in my list.
Andrew Bartlett
(This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
|
|
other than arcfour-hmac-md5. Currently we still fail to verify other
signatures however.
Andrew Bartlett
(This used to be commit 2e5884fc2472c6bcc7e6e083c28a4da6b2f72af1)
|
|
ndr_pull_data_blob() doesn't work correct. so make them exclute each other.
jelmer, tridge: does that look correct? it fixes a problem, abartlet had
with krb5pac.idl, where the align flags are inherited from the parent, and we want to get the
[flag(NDR_REMAINING)] DATA_BLOB signature;
metze
(This used to be commit b9ea3e8f9f85098b63081bf12e2be65687921874)
|
|
metze
(This used to be commit 7492afa48db68ee29048f8e1a56ccff712a3d162)
|
|
metze
(This used to be commit b897ad39bb063ee9ca963bd9848837307739f792)
|
|
(this is taken from the ethereal dissector)
metze
(This used to be commit c50f5fe33b0025edbf473d7c166dea9655e2d42f)
|
|
dissector compiling and linking. It's really an enum defined in
security.idl.
(This used to be commit b62811afcb85accf9ea0cf12f4b659cd9898e275)
|
|
(This used to be commit 5b8b956887f80e99894e5732568ee65d670aaa72)
|
|
Guenther
(This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
|
|
- also resolve the 0x1f ('member') attid for nicer debugging
metze
(This used to be commit f6cf38d608d727e2065035604b537e07cb88ded9)
|
|
where the idl was something like this:
uint32 size;
[size_is(size+1)] wchar_t *string;
we always need a pair of NDR_PULL_NEEDED_BYTES() and ndr_pull_advance(),
with the same size passed in.
metze
(This used to be commit 8eb75bd5ac5869f11f930ec872ec8a46fba9361b)
|
|
Kerberos CCACHE into the system.
This again allows the use of the system ccache when no username is
specified, and brings more code in common between gensec_krb5 and
gensec_gssapi.
It also has a side-effect that may (or may not) be expected: If there
is a ccache, even if it is not used (perhaps the remote server didn't
want kerberos), it will change the default username.
Andrew Bartlett
(This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
|
|
(This used to be commit 2759c91b811511d34f276631378fe6c1cf139760)
|
|
that the parsers were autogenerated.
(This used to be commit a37e2134e61eb38e9cbc54f8533113622f013037)
|
|
- fixed winreg_GetKeySecurity() to use a sec_info field correctly
- simplied the winreg torture code, removing the separate opens for
each hive
- added torture cleanup code in winreg test
- added 'create with security descriptor' in the winreg torture test
(This used to be commit f20695decd587f7b6bbdbd4861441bd19ab85078)
|
|
descriptor. To keep it simple I just use normal IDL buffers for now,
avoiding the complex methods metze used in spoolss. We might change
that later
Also added decoding of the security_descriptor in
winreg_GetKeySecurity() in smbtorture
(This used to be commit 439f34a9621e2e96329c30cfed8d78b8fdfbd8a2)
|
|
(This used to be commit 781df1691cec6ed59f94313f5ffd40a60f75a0fd)
|
|
tree with DsGeNCChanges(), this is possible as administrator
without having a DC account joined to the domain
metze
(This used to be commit e6f92444d26734ed984ff1b15a359ef94193945a)
|
|
limited expressions (size_is,length_is,subcontext_size,etc)
(This used to be commit 886780c298a794f304b0fce851bbb58c53605d17)
|
|
as it isn't needed
- parse some more DsAddEntry() errors
- add some more attid constands so that all attribute that are needed
for a DsAddEntry in the DC Domain Join are mapped
- add value() for __ndr_size, to more attribute container, so that the caller
doesn't need to fill them in, that was the reason for getting an NDR_FAULT
metze
(This used to be commit a9a1a6f861c8db626b3232f057ef0b9c3d0ad1b0)
|
|
- give some stuff a meening
metze
(This used to be commit 6d9b8d300829f1dcb3faee666c471c40c24c8aaa)
|
|
this uses a trick with talloc_get_type() to workaround using [value()] vars
in [subcontext_size()]
metze
(This used to be commit 93065f2d3439bceeaa7c2a09679cc6d81472150d)
|
|
requirements, and for better error reporting.
In particular, the composite session setup (extended security/SPNEGO)
code now returns errors, rather than NT_STATUS_NO_MEMORY. This is
seen particularly when GENSEC fails to start.
The tighter interface rules apply to NTLMSSP, which must be called
exactly the right number of times. This is to match some of our other
less-tested modules, where adding flexablity is harder. (and this is
security code, so let's just get it right). As such, the DCE/RPC and
LDAP clients have been updated.
Andrew Bartlett
(This used to be commit 134550cf752b9edad66c3368750bfb4bbd9d55d1)
|
|
debug logs
- got rid of winreg_Time, as its just a NTTIME
(This used to be commit 198aff894eb63e6731daf68474d23a2abe21fbb9)
|
|
these can require more elements in the local charset (usually UTF8) then
in the wire one.
(This used to be commit a0e63c2691f596cdacbc2e15404829ebca075429)
|
|
(This used to be commit 9be03c057e229e9cf7fe8b1db04adb9d2f1efc64)
|
|
buffer is
larger then the string to be pushed.
(This used to be commit 70b52e26f31b00637ed7f90f77ff0b2794dad729)
|
|
(This used to be commit fad3413de5655eb6b1a1c4172b02acd80ae24cda)
|
|
- with this it's also possible to talloc_free() the ndr_pull structure
and talloc_steal(ndr->current_mem_ctx); to fetch the whole data of the hierachical tree
- if the toplevel struct is a valid talloc pointer it's also possible to use
NDR_PULL_SET_MEM_CTX(ndr, mem_ctx); to the the toplevel pointer with the struct pointer
(NOTE: no callers are using this yet, but they shortly will)
metze
(This used to be commit 1a2b8369586642cc9bc15d015c1e4256c3a92732)
|
|
- unify the handling of subcontext, compression and obfucation
metze
(This used to be commit 09de7e0af7f9f7539cf63791baf90ac202536176)
|
|
(This used to be commit 8aff6a0bd808358162b646514d996ad432bfb70d)
|
|
This copes with the
case of size_is(*size) where size is NULL, and the array is NULL
(This used to be commit 56769b4b1d900cce60cd35298b642a85e4eddfee)
|
|
this copes with 2 more situations:
1) where the array is NULL, which would previously be coped with by a
if (ptr) check, but now in the deferred array bounds checking needs
to look at the array variable in the ndr code. Not nice.
2) nest the array checking along with the SCALARS vs BUFFERS checks, ensuring we don't
do array bounds checking for a buffer when in scalars only mode
(This used to be commit ad1b9867a5a14bc9ed2e1a5eb8f05bb2046bc645)
|
|
calls. The previous IDL was just a workaround for the limitations of
our older rpc infrastructure. Now that Jelmer has added much improved
string support using the charset keyword we can correctly implemenent
the unusual winreg string buffers.
Jelmer, note the little comment I put on winreg_StringBuf() about why
I couldn't use [value()] for the length field.
This also fixes EnumKey() and EnumValue() to use NTTIME fields for the
last_changed_time. I don't know why we were using a pair of uint32's,
as it is just a NTTIME.
(This used to be commit 8354b016122cc4f3cff042b3ada1de07e1614eb7)
|
|
(This used to be commit 1ae255aba44f4444486ae5bc634c8ab1a6328c87)
|
|
the ndr_pull/push/print functions for it in the ntacl-lsm module
- fix compiler warnings in the ldap_encode_ndr_* code
metze
(This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
|
|
generating incorrect code for arrays of strings here.
(This used to be commit 3b2476e0a00dbd3b552ccde736147e93655732f1)
|
|
names. Need to get working with SIDs and extra data.
(This used to be commit 2543f78df61b76295acf6fe4837adefbe08ca5c4)
|
|
(This used to be commit 7329dd25f509a5db92ee70713fa0b2a2473ae8cb)
|
|
(This used to be commit b323e83e8df6ba331b3f0b3abe28aa8ddf9127ef)
|
|
metze
(This used to be commit 475b413cfea03c749535df8e100f0339ffecf590)
|
|
NT_STATUS_ACCESS_DENIED.
(This used to be commit f18d1f539e4fd434dfc519e45f4c356c5cd4d73a)
|
|
Fix IDL for ReadEventLogW() function.
(This used to be commit b1b76ad9c428f0941d104e9312aa426c39da7134)
|