Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
Also ignore auth trailers in level connect on receive.
This fixes [krb5,connect] against windows.
TODO: maybe the gensec mech need to decide if signatures
are needed in level connect.
metze
(This used to be commit eca0502b8620f2110a303b84def4f0bf48cc4ea5)
|
|
(This used to be commit d982b69df638f17da6af398e2613986240031064)
|
|
Remote Data Structure
metze
(This used to be commit 3edbbb12bda8e19a9f5a72849bc79e0fad7976f8)
|
|
trusted-domains
(This used to be commit a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
|
|
Make 'lsar_CreateTrustedDomain' consistant with
lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle
Implement LSA server logic to create the cn=users trust account for
incoming trusts.
Andrew Bartlett
(This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)
|
|
metze
(This used to be commit 1432a96d37e367d9d97d48b69c6f16351a9ad066)
|
|
metze
(This used to be commit b36056aac3f55587d2b3e7b66feea8173dbc67f0)
|
|
metze
(This used to be commit 83446e22dd1eda958ef62bbe998da0a47b9ff8ef)
|
|
metze
(This used to be commit dcc57512b030995d9b186c7a6cb3b304d5680867)
|
|
inflateReset2()
Now we can use an unmodified system zlib-1.2.3
metze
(This used to be commit d68e36b485239cbaf99a6dce3f3bf52b4abcd06d)
|
|
We still don't get the format inside the encrypted blob correct
however.
Andrew Bartlett
(This used to be commit 99a3abda09716c064b3e9a37c4a79a8f62444eca)
|
|
(This used to be commit 9590805bcbdd1924eda5a69978ffac7ec7603451)
|
|
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
|
|
(This used to be commit e5520706c88911c66b3ce5817e371900212ca083)
|
|
This test now passes against Win2k3, and a implementation in the
Samba4 server should follow shortly.
Andrew Bartlett
(This used to be commit c6b8ba893dd3ed90bca32c0ae89fd33be729c238)
|
|
This would seem to match the documentation requirements for the PAC
verfication over NETLOGON, but I can't get Win2k3 to accept it so far.
Andrew Bartlett
(This used to be commit acfa87f3411a61bdd9066fbbba2bcfbe2a60cbbe)
|
|
However, I have still not figured out this protocol yet, and the docs
are rather unclear... :-(
Andrew Bartlett
(This used to be commit d878643071a1477435a267e2944461d367cdfa79)
|
|
(This used to be commit b706708210a05d6f10474a3cd2bbc550704d4356)
|
|
(This used to be commit a17cb558c23142e522de3ed56d65c7694477395f)
|
|
(This used to be commit a555334db67527b57bc6172e3d08f65caf1e6760)
|
|
(This used to be commit 93cf0b3c7e6d8a4758c44519de51e51be89f76c7)
|
|
(This used to be commit 469fac2669991b130dec219e1a109a8b2ce224be)
|
|
The output doesn't match the output from windows servers,
but it's a start...
metze
(This used to be commit 8a2f9688275aa150b739b5525e738df15c5e25cc)
|
|
This isn't really the final solution, as we compress the data twice,
but it works.
metze
(This used to be commit 6da1d41173a7b82412fcebdd751eade51cf82b2a)
|
|
metze
(This used to be commit 9fe466f84afcbd64c9bbfe0f9ea6c1933acb07fe)
|
|
Serialization header
Now we should be able to handle bigendian PAC_LOGON_INFO buffers.
metze
(This used to be commit adbff0b0f92aa0742a8293071776b388879cbd8e)
|
|
metze
(This used to be commit 4e6937816f1563686d04da4ab00a46d4461401b9)
|
|
layer
metze
(This used to be commit 70a7b1f6c2e359102467ea270c2bb1efe736f64a)
|
|
metze
(This used to be commit 925a2066ffa18a86704a8ee1a7a6908e0cd65a2a)
|
|
We use the header size 0xFFFFFC01 as magic for constructed types.
See [MS-RPCE] 2.2.6 Type Serialization Version 1 for more details.
metze
(This used to be commit 98d3568f079ea143214bcf5271b636313d6491c3)
|
|
I've studied now the netlogon attribute from the CLDAP request and
have compared them with the table presented in the WSPP docs
(http://msdn.microsoft.com/en-us/library/cc201036.aspx). The first two
bytes seem to be correct, but that the third and fourth one is
completely clear with SAMBA 4.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 3024a43c25e3ec9821d94a27d5cf738890b1b8f3)
|
|
(This used to be commit a6146cc14ba950b1911094b1525c7d06b50ecec6)
|
|
metze
(This used to be commit f48dfd87badcddc64a1c0bf52939188a4a8f4add)
|
|
metze
(This used to be commit 25876fc4ab8ba11f00d24bb8ceb517c0e4a4d72d)
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 6a9720c99d36a575ea8ed92e94ff6d2fe6f3e27d)
|
|
(This used to be commit b337369d5c86b37d93ee1c62880068e14d6c09f6)
|
|
a new one we don't break our server
(This used to be commit 5e08b285319e35afd3a9a6e6f5f59145350f2d80)
|
|
This produces a C structure that is sane, while still parsing the wire
blobs (as far as I can tell).
Andrew Bartlett
(This used to be commit b5dbe815e5dd3f865c7735bc76e02017a869f09b)
|
|
Andrew Bartlett
(This used to be commit ea58b650a81b48b0477edbcda1e4e26a3b2a9b9e)
|
|
metze
(This used to be commit 54b873e49ff363609632fa2862208bf6b4c1b6ed)
|
|
metze
(This used to be commit 50eb0e726405580dc5ca3a8a3b15f3bd674f722a)
|
|
metze
(This used to be commit ce36448d74b0c6cdf8928e10c088bf0248a95cf7)
|
|
This fixes the push because the switch_level doesn't work
otherwise because the pointer is the same as for
the outer switch_level.
metze
(This used to be commit a4c81ee68c91b2d7a9abe668e8b23246c5c9b00d)
|
|
You can trigger it like this:
ncacn_ip_tcp:172.31.9.234[sign,hdrsign]
or
ncacn_ip_tcp:172.31.9.234[seal,hdrsign]
metze
(This used to be commit 54f1fca582b1474693b5ee11b7b847086d27f75f)
|
|
metze
(This used to be commit 60b3523da485d845b1d930d990688d8434d39ef3)
|
|
metze
(This used to be commit 495d068df55a94d48f2a4d2e7f2060fb42f66dbd)
|
|
This is based on the docs, as well as testing against a domain trust
in windows.
Clearly it needs to be more general - perhaps a non IDL parser?
Andrew Bartlett
(This used to be commit 816bb64a56a75d1eb5e879b4abf211af27243686)
|
|
(This used to be commit 26c2a34dec26890230dfa86827804d8160061ce5)
|