Age | Commit message (Collapse) | Author | Files | Lines |
|
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.
Some small changes to come, but the bulk of the work is now done.
A re-provision is required after this change.
Andrew Bartlett
(This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
|
|
as it's already converted in the pull/push code
metze
(This used to be commit 0d2286ba56fa8d25244a5554e75b5be24eba28b0)
|
|
This call uses a new IDL type, NTTIME_hyper. This is 8-byte aligned,
as the name suggests.
Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to
validate the behaviour of times, and of the old secrets.
Thanks to tridge for spotting the use of HYPER!
Andrew Bartlett
(This used to be commit 1fed79cb0f2ae7940639d08ef99576559d4cd06e)
|
|
- move some structs out of misc.idl
metze
(This used to be commit b6543a6e3057b5588ec50a2ebf6c7c932209efe6)
|
|
metze
(This used to be commit fa798fe1f0c39dfee7d4c86a8cd5924be8a32922)
|
|
(This used to be commit 6f2019c307161953291f6bb5401eefaa7edc3857)
|
|
(This used to be commit 4e62bd2a349c0cce8cb82a401fdf1cc33828af6f)
|
|
specific GENSEC mech type, but on the behaviour of the mech.
Andrew Bartlett
(This used to be commit f2bd7a5a699b91d99d7dc2a0b3b6c7006274a59c)
|
|
token in the client (the final token in the negotiation).
Consequential fixes in the SPNEGO code, which now uses the out.length
as the indicator of 'I need to send something to the other side'.
Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client.
Fix the RPC-MULTIBIND test consequent to this merge.
Andrew Bartlett
(This used to be commit 43e3516fc03008e97ebb4ad1a0cde464303f43c6)
|
|
advanced auth types we should do a plain bind. This fixes rpc
connections to ancient servers (like sun cascade)
(This used to be commit 59a5a0b218f7182c541a06ffc4528c1160699033)
|
|
- added support for "spnego" in binding strings. This enables SPNEGO
auth in the dcerpc client code, using as many allter_context calls as
are needed
To try SPNEGO do this:
smbtorture ncacn_ip_tcp:SERVER[spnego,seal] -Uadministrator%password RPC-SAMR
(This used to be commit 9c0a3423f03111c110d21c0d3910e16aa1a8bf87)
|
|
doesn't need to
use function pointers anymore
- make the module init much easier
- a lot of cleanups
don't try to read the diff in auth/ better read the new files
it passes test_echo.sh and test_rpc.sh
abartlet: please fix spelling fixes
metze
(This used to be commit 3c0d16b8236451f2cfd38fc3db8ae2906106d847)
|
|
(This used to be commit 95e849bf94160ae4807a54b28e351539c1119215)
|
|
- there is no alter_nak or alter_ack packet, its all done in an
alter_response
- auto-allocated the contex_ids
- tried to fix up the dcom code to work again with
alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
|
|
just does a simple LSA/DSSETUP combo, which is what w2k does in the
ACL editor rpc calls that triggered this work
(This used to be commit 0129ec947aa1fa5a7104dc3a666af3cb9bd104f1)
|
|
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.
This stage does the following:
- split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
the context dependent part. This is similar to the layering in libcli_*() for SMB
- disable the current dcerpc_alter code. I've used a #warning until i
get the 2nd phase finished. I don't know how portable #warning is, but
it won't be long before I add full alter context support anyway, so it won't last long
- cleanup the allocation of dcerpc_pipe structures. The previous code
was quite awkward.
(This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
|
|
- added #if TALLOC_DEPRECATED around the _p functions
- fixes the code that broke from the above
while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
|
|
(This used to be commit b65a95c11778fd778ad3c013664aea7d038e16ae)
|
|
this fixes RPC-SAMLOGON and some other tests on ncacn_ip_tcp
(This used to be commit 244370d62424ab3c0f9d6689b0e674d057b3fc09)
|
|
metze
(This used to be commit c2523adc0a0807979fb21b8ba77d556bac82e435)
|
|
(This used to be commit 08d7b77efc05571146c54322e684753ccd4cd2d6)
|
|
metze
(This used to be commit 2a859fbc90a6b043bac318196e42c2949958d57f)
|
|
NDR_PAHEX is handled by ndr_print_enum() now
metze
(This used to be commit c3b2d2cca37193fead0df1a8808c3ffcd5180a89)
|
|
metze
(This used to be commit a4d94034239980d8a7ab38dfe2b19936b15d23df)
|
|
metze
(This used to be commit ed1c98cb9d1adbc2616cb26376927c6dee1b579b)
|
|
metze
(This used to be commit 3e224575e58436fef71897e62f57bfcf120c0da8)
|
|
talloc_p() macro. Use
talloc_size() if you want the old behaviour.
I have kept talloc_p() as an alias for now. Once we change all calls
to be plain talloc() then we can remove it.
(This used to be commit 2011bbeb841fd6bfccf3d44a49f79203f7f55baa)
|
|
talloc_size() or talloc_array_p() where appropriate.
also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
|
|
metze
(This used to be commit 109c91650ac8b4ad28151bdb6debf73ad6a94bfb)
|
|
metze
(This used to be commit fd96a07c5a1f4969bfd04ffd3b6990a2dad41cf4)
|
|
metze
(This used to be commit 7702d0f9775878c4d7535d9135f41d156146f8d1)
|
|
typedef bitmap {
FLAG1 = 0x01
} fooflags;
typedef struct {
fooflags flags;
}
metze
(This used to be commit 052a7d4f9a3a178149c65a616fdfd87152dff7eb)
|
|
the next commit is support for typedef bitmap {...}; in pidl
metze
(This used to be commit bd06a85cb747aea29a400050cb9d25a3240ef1cc)
|
|
is less efficient, but I really doubt that matters.
- use enum in epmapper.idl for protocol type
- added support for "enum8bit" flag, used in epmapper.idl
(This used to be commit 1a24a50384b7f588844cd012f1218ca242ca4507)
|
|
(This used to be commit 82313fb79eb361d7cee06ada21c537a7cc57970e)
|
|
(This used to be commit f9e0aa1ab1faac039893db241819907c9c4bb510)
|
|
(This used to be commit 29955004aa256d5ac27b941f48384ab97ff5e4b8)
|
|
metze
(This used to be commit d60b2f094e89462b435063142a290034675a1132)
|
|
.enabled = True
on modules we know are good (and we want on be default) seems neater.
Andrew Bartlett
(This used to be commit 18850c66b7c8ac5e8caf08151dbb9b72cf93230f)
|
|
to match the style we are using in other pipes
- first fillin local vars and only set the out parameter on success
- for the server code only to the samdb lookup when it's needed
NOTE: the DsRoleGetPrimaryDomainInformation() code with DS_ROLE_MEMBER_SERVER
is not tested yet, does someone has a w2k3 member server to test with?
metze
(This used to be commit e6d1136497f501fe0687bfb34a155db6a9d87bde)
|
|
context that
will automatically be freed on program exit. This is useful for reducing
clutter in leak reports
(This used to be commit cf73dda652e0a121901f22771104be6751c0fcb9)
|
|
- add DSSETUP to the list of tests run in test_rpc.sh
(This used to be commit 73c3cdc8ed8dafd544ce4dcac9141124d2b85670)
|
|
pipe is now complete!
The only glitch is that I am returning DS_ROLE_MEMBER_SERVER when I
should be returning DS_ROLE_PRIMARY_DC. This is needed for the moment
or ACL editing doesn't work from w2k3. Once we have some more ADS
calls we should be able to fix this.
(This used to be commit 6566dc2805a9f6473ebab70b0dbd381c4dbd42c8)
|
|
In developing a GSSAPI plugin for GENSEC, it became clear that the API
needed to change:
- GSSAPI exposes only a wrap() and unwrap() interface, and determines
the location of the signature itself.
- The 'have feature' API did not correctly function in the recursive
SPNEGO environment.
As such, NTLMSSP has been updated to support these methods.
The LDAP client and server have been updated to use the new wrap() and
unwrap() methods, and now pass the LDAP-* tests in our smbtorture.
(Unfortunely I still get valgrind warnings, in the code that was
previously unreachable).
Andrew Bartlett
(This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
|
|
(This used to be commit dbcaff7c71c9b7ee984a2ed458b6c3ce27772740)
|
|
Volker
(This used to be commit f8588a769c185f871fdcd5db35428ad587bdfad3)
|
|
(This used to be commit 05c8fd81ddec969ed5280e2fe9f838ac4399f1c9)
|
|
(This used to be commit 1c2170ae21d60c22ee3053fbf249dba59de576ba)
|
|
editing from w2k3
when we present ourselves as a DC in the registry
(This used to be commit 9651901791e0553f106ab957c5787c109098248b)
|
|
(This used to be commit 40a68a160e43b2e5d018e393ddecdfc50bad5360)
|