Age | Commit message (Collapse) | Author | Files | Lines |
|
Fill out the group list for the SamLogon reply, so clients get the
supplementary groups.
Andrew Bartlett
(This used to be commit d9c31e60a72c345e3a23a7eb742906bcfc18721c)
|
|
it certainly doesn't make sense as LOGON_FAILURE.
Andrew Bartlett
(This used to be commit 4bec3d3f378ed8b988e00441c9bb5718b8548ba6)
|
|
metze
(This used to be commit a29d52817ce943c15f6896b74273df739867c8f7)
|
|
metze
(This used to be commit 44f943f88111c5bb913a97e652041c701a78849a)
|
|
(This used to be commit f7051365584f536e4b4df20157019272c26d0e33)
|
|
(This used to be commit 2873c0e917e172f8f3186ad93c154f51198c352b)
|
|
Samba4 without Samba3 nmbd
(This used to be commit f4d07d7d3b6973b503d8c98f177471dd6cebfa92)
|
|
netlogon query.
Note that this response is almost identical to the CLDAP netlogon
response, so adding that will now be quite easy.
(This used to be commit 1ea4ed4ad1d9336f8288283688fa2d7bebfa533c)
|
|
(This used to be commit 63dfa9b80649928baf72687381fcfb6dd4d20032)
|
|
workstations can now login
to a Samba4 domain.
(This used to be commit df146d64ebce6b462c08a1f30919390fcf8196cb)
|
|
clients when a user tries to login)
(This used to be commit 08ded62156b387457bc56b5910e1ddc813b375bd)
|
|
without
Samba3 nmbd
(This used to be commit 4507bdc339505e91118d403948946f4a98a4f562)
|
|
this one uses a obfuscation(0xA5) subcontext
this is taken from the openchange.org project
metze
(This used to be commit 4632b37d0c35c02875264db07f9c4477b3b8e040)
|
|
stuff),
based on a patch from j.kerihuel@openchange.org
- remove unused $ndr_flags argument for the ParseCompression*Start() function's
metze
(This used to be commit 27ccdd61822ba1a24244086522b9f8fe97fe0a78)
|
|
metze
(This used to be commit f5424d2dad00abbb11262a2b4b9468497c1f81a7)
|
|
ndr code for handling sids and security descriptors now that we have a
sid in the nbt IDL
(This used to be commit f8e77fcdeac704aed5e501aa9108f3ed0ab26ca4)
|
|
cli_credentials_set_conf(), not cli_credentials_guess().
Also, clarify why for particular flags, we don't do a DCERPC-level
authentication.
Andrew Bartlett
(This used to be commit 838925761d004a1426107f4c5c84d0276fddb2c0)
|
|
(This used to be commit d7e6e395cedef47dc182094c91f764e248b9b149)
|
|
parsing incoming netlogon requests. No replies are sent yet.
(This used to be commit 3b34df6a674cd2aeddc354cdadae3f0e1c000d45)
|
|
now tries to bind to port 138 if possible, so if you run it as root
and smbd/nmbd is not running then it works against windows servers
(This used to be commit 52ccdb79bc922be52c24dd393323dbbee83a2aea)
|
|
(This used to be commit 321fbae51267153102e47845736f2c3a5abfe0be)
|
|
suite. The NBT-DGRAM test does a UDP/138 netlogon request, to which a
windows server sends a reply, but the windows server sends the reply
to the wrong port (it always sends to 138), so the test suite doesn't
see it.
(This used to be commit a7634625dbc944dd8256a822be290010f341a571)
|
|
DCERPC_SCHANNEL_128 if we fail. Thus, it allows us to work with Windows
NT DCs ...
(This used to be commit 3034b226705c4736d57c9bf4e9470c4d44c72e8e)
|
|
datagrams. This adds the IDL to parse mailslot packets, plus mailslot
dispatch and listener registration code.
mailslots are used for UDP/138 browse and netlogon packets
(This used to be commit f20e7e5200de736b3451d748ed716be638f93502)
|
|
- fix GetPrinterData(), look inside the datablob
- add idl for RemoteFindFirstChangeNotify(), without meaning yet, just to not return a DCERPC_FAULT
when receiving this request
metze
(This used to be commit 92f3d5bd9c700032612ac20dc7635730c555c4da)
|
|
metze
(This used to be commit e66aa87f148d04f4c44b08555345600b8a6278d4)
|
|
metze
(This used to be commit 08d22a07cfa84fe959320058e8574c8983e1d71f)
|
|
we should start with an empty switch_list
in ndr_print as we do for ndr_pull/ndr_push
metze
(This used to be commit 848f553117b369fc6697086b3f7d36dd17b60f5b)
|
|
server. Currently just listens on port 138 and parses the packets
(using IDL like the rest of NBT). This allows me to develop the
structures and test with real packets
(This used to be commit 10d64a525349ff96695ad961a3cfeb5bc7c8844f)
|
|
crash city.
(This used to be commit 6526f21fb72094e8ff62bfc2693a49a3b1679a95)
|
|
(This used to be commit 4da9d1d5c277eb65d0fe5bf5c4690531dcfb85de)
|
|
(This used to be commit f66e11137eed69b44f0739f1064625cbd96243bd)
|
|
a handle as parameter,
EnumPorts
EnumPrinterDrivers
EnumMonitors
EnumPrintProcessors
EnumPrinters
we now do cross checks between the different info levels
and sore the results in a global context,
so that we later can add cross checks between the different object types
- add idl for EnumMonitors and EnumPrintProcessors
metze
(This used to be commit 92a3721bc7a28d521090b10eb3b1eed089036432)
|
|
metze
(This used to be commit d92100fcc2066454df441a1ea2c7b9940fa19fa1)
|
|
(this fixes parsing of w2k blob, which some times have random gargabe data in the sid buffer)
- make the names of the DsReplicaCoursor*Ctr* 's more consistent
and fix DsGetNCchangesCtr6 parsing
metze
(This used to be commit 75e427dca9f6b129ead100f7265794189f257c67)
|
|
dom_sid in it
metze
(This used to be commit 460d1b089e494efaeb0c8c7fd4601a9ef57123c5)
|
|
(tridge: asked me for that commit)
metze
(This used to be commit 2791de069a571aaa53283d68b5cc957d82e7ce41)
|
|
(and the push side isn't used currently...)
metze
(This used to be commit 2d121c84312723ef6a7a3250a204efa8488f6303)
|
|
(taken from cabextract.c from KDE)
this code maybe need to be rewritten and the
compression side needs to be done,
but for now it seems to works
- remove the dependency to zlib
metze
(This used to be commit 5e8558c5b4365a494aa054c3e08d4084b319e6e5)
|
|
of small typos.
(This used to be commit 9b4069e84573f85ce4341ceacd35737a18726a0b)
|
|
metze
(This used to be commit bbc0f6c5525b03deb9374fd96cb22cff4d3fb2e1)
|
|
metze
(This used to be commit 4b88ff29715a98c728cf70db4889daafed8eeeb2)
|
|
it produces the correct DATA_BLOB length, but only the first chunk is
successfull decompressed...
metze
(This used to be commit 0d44d077975d756023f1dcc8d2c3ebf06305e355)
|
|
find...:-( )
- use a DATA_BLOB for the driver specific data in the devmode
metze
(This used to be commit 87d48b20769666b568ac1115246b58995d221148)
|
|
metze
(This used to be commit ff32e2182e3f11b1b51110c9d3f34bc8781dec0b)
|
|
metze
(This used to be commit fca4dc4827c98c02051165c1aedf5bdc5354bdda)
|
|
this is not complete cuurently...
but I want other people to test it and help me on finishing it.
(try to change the #if 0 in torture/rpc/drsuapi.c into #if 1)
metze
(This used to be commit 335adef37082a78e0426decb715629bd778e6582)
|
|
has the patience to run test_w2k3.sh to completion :-)
It looks to me that the Windows server runs the RC4 over the C struct,
not the NDR data.
Andrew Bartlett
(This used to be commit c324d974134c35b4c50c91d5a932a63c78b67046)
|
|
GENSEC, and to pull SCHANNEL into GENSEC, by making it less 'special'.
GENSEC now no longer has it's own handling of 'set username' etc,
instead it uses cli_credentials calls.
In order to link the credentails code right though Samba, a lot of
interfaces have changed to remove 'username, domain, password'
arguments, and these have been replaced with a single 'struct
cli_credentials'.
In the session setup code, a new parameter 'workgroup' contains the
client/server current workgroup, which seems unrelated to the
authentication exchange (it was being filled in from the auth info).
This allows in particular kerberos to only call back for passwords
when it actually needs to perform the kinit.
The kerberos code has been modified not to use the SPNEGO provided
'principal name' (in the mechListMIC), but to instead use the name the
host was connected to as. This better matches Microsoft behaviour,
is more secure and allows better use of standard kerberos functions.
To achieve this, I made changes to our socket code so that the
hostname (before name resolution) is now recorded on the socket.
In schannel, most of the code from librpc/rpc/dcerpc_schannel.c is now
in libcli/auth/schannel.c, and it looks much more like a standard
GENSEC module. The actual sign/seal code moved to
libcli/auth/schannel_sign.c in a previous commit.
The schannel credentails structure is now merged with the rest of the
credentails, as many of the values (username, workstation, domain)
where already present there. This makes handling this in a generic
manner much easier, as there is no longer a custom entry-point.
The auth_domain module continues to be developed, but is now just as
functional as auth_winbind. The changes here are consequential to the
schannel changes.
The only removed function at this point is the RPC-LOGIN test
(simulating the load of a WinXP login), which needs much more work to
clean it up (it contains copies of too much code from all over the
torture suite, and I havn't been able to penetrate its 'structure').
Andrew Bartlett
(This used to be commit 2301a4b38a21aa60917973451687063d83d18d66)
|
|
is used, in the reply.
metze
(This used to be commit 618dadb7ef092af0f2c13c2e67874041f54f4e98)
|