Age | Commit message (Collapse) | Author | Files | Lines |
|
Make 'lsar_CreateTrustedDomain' consistant with
lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle
Implement LSA server logic to create the cn=users trust account for
incoming trusts.
Andrew Bartlett
(This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)
|
|
We still don't get the format inside the encrypted blob correct
however.
Andrew Bartlett
(This used to be commit 99a3abda09716c064b3e9a37c4a79a8f62444eca)
|
|
(This used to be commit 9590805bcbdd1924eda5a69978ffac7ec7603451)
|
|
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
|
|
(This used to be commit e5520706c88911c66b3ce5817e371900212ca083)
|
|
This test now passes against Win2k3, and a implementation in the
Samba4 server should follow shortly.
Andrew Bartlett
(This used to be commit c6b8ba893dd3ed90bca32c0ae89fd33be729c238)
|
|
This would seem to match the documentation requirements for the PAC
verfication over NETLOGON, but I can't get Win2k3 to accept it so far.
Andrew Bartlett
(This used to be commit acfa87f3411a61bdd9066fbbba2bcfbe2a60cbbe)
|
|
However, I have still not figured out this protocol yet, and the docs
are rather unclear... :-(
Andrew Bartlett
(This used to be commit d878643071a1477435a267e2944461d367cdfa79)
|
|
(This used to be commit b706708210a05d6f10474a3cd2bbc550704d4356)
|
|
(This used to be commit a17cb558c23142e522de3ed56d65c7694477395f)
|
|
(This used to be commit a555334db67527b57bc6172e3d08f65caf1e6760)
|
|
(This used to be commit 93cf0b3c7e6d8a4758c44519de51e51be89f76c7)
|
|
(This used to be commit 469fac2669991b130dec219e1a109a8b2ce224be)
|
|
The output doesn't match the output from windows servers,
but it's a start...
metze
(This used to be commit 8a2f9688275aa150b739b5525e738df15c5e25cc)
|
|
This isn't really the final solution, as we compress the data twice,
but it works.
metze
(This used to be commit 6da1d41173a7b82412fcebdd751eade51cf82b2a)
|
|
metze
(This used to be commit 9fe466f84afcbd64c9bbfe0f9ea6c1933acb07fe)
|
|
Serialization header
Now we should be able to handle bigendian PAC_LOGON_INFO buffers.
metze
(This used to be commit adbff0b0f92aa0742a8293071776b388879cbd8e)
|
|
metze
(This used to be commit 4e6937816f1563686d04da4ab00a46d4461401b9)
|
|
layer
metze
(This used to be commit 70a7b1f6c2e359102467ea270c2bb1efe736f64a)
|
|
metze
(This used to be commit 925a2066ffa18a86704a8ee1a7a6908e0cd65a2a)
|
|
We use the header size 0xFFFFFC01 as magic for constructed types.
See [MS-RPCE] 2.2.6 Type Serialization Version 1 for more details.
metze
(This used to be commit 98d3568f079ea143214bcf5271b636313d6491c3)
|
|
I've studied now the netlogon attribute from the CLDAP request and
have compared them with the table presented in the WSPP docs
(http://msdn.microsoft.com/en-us/library/cc201036.aspx). The first two
bytes seem to be correct, but that the third and fourth one is
completely clear with SAMBA 4.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 3024a43c25e3ec9821d94a27d5cf738890b1b8f3)
|
|
(This used to be commit a6146cc14ba950b1911094b1525c7d06b50ecec6)
|
|
metze
(This used to be commit f48dfd87badcddc64a1c0bf52939188a4a8f4add)
|
|
metze
(This used to be commit 25876fc4ab8ba11f00d24bb8ceb517c0e4a4d72d)
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 6a9720c99d36a575ea8ed92e94ff6d2fe6f3e27d)
|
|
(This used to be commit b337369d5c86b37d93ee1c62880068e14d6c09f6)
|
|
a new one we don't break our server
(This used to be commit 5e08b285319e35afd3a9a6e6f5f59145350f2d80)
|
|
This produces a C structure that is sane, while still parsing the wire
blobs (as far as I can tell).
Andrew Bartlett
(This used to be commit b5dbe815e5dd3f865c7735bc76e02017a869f09b)
|
|
Andrew Bartlett
(This used to be commit ea58b650a81b48b0477edbcda1e4e26a3b2a9b9e)
|
|
metze
(This used to be commit 54b873e49ff363609632fa2862208bf6b4c1b6ed)
|
|
metze
(This used to be commit 50eb0e726405580dc5ca3a8a3b15f3bd674f722a)
|
|
metze
(This used to be commit ce36448d74b0c6cdf8928e10c088bf0248a95cf7)
|
|
This fixes the push because the switch_level doesn't work
otherwise because the pointer is the same as for
the outer switch_level.
metze
(This used to be commit a4c81ee68c91b2d7a9abe668e8b23246c5c9b00d)
|
|
You can trigger it like this:
ncacn_ip_tcp:172.31.9.234[sign,hdrsign]
or
ncacn_ip_tcp:172.31.9.234[seal,hdrsign]
metze
(This used to be commit 54f1fca582b1474693b5ee11b7b847086d27f75f)
|
|
metze
(This used to be commit 60b3523da485d845b1d930d990688d8434d39ef3)
|
|
metze
(This used to be commit 495d068df55a94d48f2a4d2e7f2060fb42f66dbd)
|
|
This is based on the docs, as well as testing against a domain trust
in windows.
Clearly it needs to be more general - perhaps a non IDL parser?
Andrew Bartlett
(This used to be commit 816bb64a56a75d1eb5e879b4abf211af27243686)
|
|
(This used to be commit 26c2a34dec26890230dfa86827804d8160061ce5)
|
|
metze
(This used to be commit 131a1cfdc9a1228d9263c77bcd31b05d2946fd50)
|
|
metze
(This used to be commit 4b79a7678571ac2f7d5f827913fdcb419f5d2e20)
|
|
metze
(This used to be commit 231e6f5ab2dc8a3e991a9872be252cffff6f14c6)
|
|
supplementalCredentials
metze
(This used to be commit 97b7901afbccc9647ad2958d4cf12300de2655d1)
|
|
metze
(This used to be commit da9ceb2bf17f964334d9317829d40483e2c04b10)
|
|
metze
(This used to be commit 24c5b10136f6e640832193aaf9e6d7e865c288bc)
|
|
metze
(This used to be commit 9a70b2237d4fdd523edfbca0329ad35e71faf998)
|
|
presumably LSA).
Tests show that Vista requires the sesion key to be truncated for a
domain join.
Andrew Bartlett
(This used to be commit af629a3738298d27eb2dbecf466ceb503cec9638)
|
|
According to the WSPP docs, section 5.35,
this is the "process identifyer" of the client.
It is meant for informational and debugging purposes
only and its assignment is implementation specific.
Michael
(This used to be commit 579306eb5b58b6c1142b3c489e4bcf6da50810d6)
|
|
This knowledge is obtained from the wspp-docs (section 5.35).
Michael
(This used to be commit f5afb695045b1a2f3b8c00a4d82d40e8e50726c9)
|
|
This bit seems not to be documented in the WSPP docs.
Michael
(This used to be commit 705f79bd0a5e93daa0cb11b5dcca36e75c75df93)
|