Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
metze
|
|
Also ignore auth trailers in level connect on receive.
This fixes [krb5,connect] against windows.
TODO: maybe the gensec mech need to decide if signatures
are needed in level connect.
metze
(This used to be commit 2e3629719790e7631d9de383b565dc8a0997bcfb)
|
|
metze
(This used to be commit 20fc0d7bfdaa60d6a8ac939dc64733a91652587e)
|
|
you need "dcesrv:header signing=yes" to enable it.
metze
(This used to be commit bde2496e6b7034c99243b22434a97aebeb8f75b9)
|
|
metze
(This used to be commit c2186d5d60aa2b57ecafaa57f9fd41f2a6717046)
|
|
(This used to be commit b62490e3e21b606b66e0737a403b0d170b64cddd)
|
|
Allow 0 and 0x12345678 only.
This fixes the RPC-HANDLES test.
metze
(This used to be commit c123e597cc84685abf2b0d3564e1a26d80bbef2f)
|
|
(This used to be commit ae311d89d2d477b235a6a9294a8bb463ed0a8c05)
|
|
presumably LSA).
Tests show that Vista requires the sesion key to be truncated for a
domain join.
Andrew Bartlett
(This used to be commit af629a3738298d27eb2dbecf466ceb503cec9638)
|
|
This check breaks more than it fixes, and while technically not
correct, is the best solution we have at this time. Otherwise,
SCHANNEL binds from WinXP fail.
Andrew Bartlett
(This used to be commit f8628fa330abcd50923d995d5bda1f4811582ea9)
|
|
metze
(This used to be commit 9ff0ce42b32bf0f1463d2cb9c2a6595f51b13d04)
|
|
context is altered by dcerpc alter_context requests. It prevents dcerpc_server from returning errors (nca_s_fault_access_denied, then nca_s_fault_context_mismatch in further client requests) and keeps the connection alive.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 718f9ce6889346c92894e868f0678fbe404a43ab)
|
|
and adds a const 4 bytes blob to pkt.u.fault.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit 652b8c5f156b357e231057a5a0fbded88f4f9c5f)
|
|
Conflicts:
source/auth/credentials/config.mk
source/auth/gensec/config.mk
source/build/smb_build/makefile.pm
source/heimdal_build/config.mk
source/lib/events/config.mk
source/lib/nss_wrapper/config.mk
source/lib/policy/config.mk
source/lib/registry/config.mk
source/lib/socket_wrapper/config.mk
source/lib/tdb/config.mk
source/lib/tls/config.mk
source/lib/util/config.mk
source/libcli/config.mk
source/libcli/ldap/config.mk
source/libnet/config.mk
source/librpc/config.mk
source/param/config.mk
source/rpc_server/config.mk
source/scripting/ejs/config.mk
source/smbd/process_model.mk
(This used to be commit 760378e0294dd0cd4523a83448328478632d7e3d)
|
|
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
|
|
(This used to be commit 0ba8ac6a14c62ff9edfe9f0bf43b8a7406b85291)
|
|
(This used to be commit a1280252ce924df69d911e597b7f65d8038abef9)
|
|
(This used to be commit 8858cf39722f192865e531164c72039fd18d7a8d)
|
|
(This used to be commit 28b1d36551b75241c1cf9fca5d74f45a6dc884ab)
|
|
(This used to be commit 7352206f4450fdf881b95bda064cedd9d2477e4c)
|
|
(This used to be commit 9d806da113b5f0688b6193dfdee9b8765e18b38f)
|
|
(This used to be commit fc1f4d2d65d4c983cba5421e7ffb64dd75482860)
|
|
lib/messaging/
lib/registry/
lib/ldb-samba/
librpc/rpc/
auth/auth_winbind.c
auth/gensec/
auth/kerberos/
dsdb/repl/
dsdb/samdb/
dsdb/schema/
torture/
cluster/ctdb/
kdc/
ntvfs/ipc/
torture/rap/
ntvfs/
utils/getntacl.c
ntptr/
smb_server/
libcli/wrepl/
wrepl_server/
libcli/cldap/
libcli/dgram/
libcli/ldap/
libcli/raw/
libcli/nbt/
libnet/
winbind/
rpc_server/
metze
(This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
|
|
(This used to be commit b7371f1a191fb86834c0d586d094f39f0b04544b)
|
|
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
|
|
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
|
|
(This used to be commit 9b256a0ca232ea6e89771bf73a1adf877273a752)
|
|
work, but to an odd bind failure I noticed in a trace. I need to
commit this with changes to the torture suite.
Andrew Bartlett
(This used to be commit 3ab90ad312b85b5a887090418e9cb7594f519b2f)
|
|
machine accounts are not subject to password policy in Win2k3 R2 (at
least in terms of password quality).
In testing this, I found that Win2k3 R2 has changed the way the old
ChangePassword RPC call is handled - the 'cross-checks' between new LM
and NT passwords are not required.
Andrew Bartlett
(This used to be commit 417ea885b41cc097a0bb3a10ffbffb31f234f25d)
|
|
Note that the correct return for a failed alter_context is a fault,
not a bind_nak.
Andrew Bartlett
(This used to be commit 52cce94532edf1dd7f26e39bf3377f0077ea6792)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
if we return a zero assoc_group_id longhorn beta3 stops
after getting the bind_ack.
metze
(This used to be commit 09aea65960073cc8b50a4b39531490876f6d89ef)
|
|
(This used to be commit 52f32b7330ee1a2dd5850fd0e412279777edc00d)
|
|
linked list when moving it to another. This could cause a valgrind
error under the RPC-SCANNER test.
(This used to be commit 9ba8c008513e362fbb860af899006505cadb4a2f)
|
|
TODO: we need to correctly implement assoc groups!
metze
(This used to be commit df7c6c6e0b961eda8daf182df8faed6b29639149)
|
|
also make it possible to pass and get the assoc_group_id for
a pipe.
also make it possible to pass the DCERPC_PFC_FLAG_CONC_MPX flag
in bind requests. From the spec it triggers support for
concurrent multiplexing on a single connection.
w2k3 uses the assoc_group_id feature when it becomes a domain controller
of an existing domain. Know the ugly part, with this it's possible to
use a policy handle from one connection on a different one...
typically the DsBind() call is on the 1st connection while DsGetNCChanges()
call using the first connections bind handle are on the 2nd connection.
The second connection also has the DCERPC_PFC_FLAG_CONC_MPX flag attached,
but that doesn't seem to be related to the cross connection handle usage
Can anyone think of a nice way to implement the assoc_group_id stuff in our server?
metze
(This used to be commit 2d8c85397d9027485ed6dbdcca87cc1ec84c7b76)
|
|
(This used to be commit 3cc299dbbe278936281f8e7071e6de8ec1bb219c)
|
|
uint32_t server_id
to
struct server_id server_id;
which allows a server ID to have an node number. The node number will
be zero in non-clustered case. This is the most basic hook needed for
clustering, and ctdb.
(This used to be commit 2365abaa991d57d68c6ebe9be608e01c907102eb)
|
|
Break up auth/auth.h not to include the world.
Add credentials_krb5.h with the kerberos dependent prototypes.
Andrew Bartlett
(This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
|
|
when I fixed the previous bug in this code.
We need to remove fragments from the incoming fragment list, or else
we leak (actually, we walk free()'ed data as we add/remove elements).
Andrew Bartlett
(This used to be commit 77473d2ef9a7673cebb56b398acf390fd51a08c8)
|
|
Andrew Bartlett
(This used to be commit 27259f3632a3fe21cfc5d1375aa630ec0f9f4734)
|
|
We were adding packet fragments onto the *reply* queue, not the
recieve queue. This worked, as long as we got a whole packet before
we did any reply work, but failed once the backend called a remote
LDAP server (and I presume something invoked the event loop).
Andrew Bartlett
(This used to be commit a0162e0ace48104d94f7b7dd3d2f62a7f42e10c6)
|
|
* Move dlinklist.h, smb.h to subsystem-specific directories
* Clean up ads.h and move what is left of it to dsdb/
(only place where it's used)
(This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
|
|
and pass the messaging context to the call
metze
(This used to be commit 0d7f16d7befa1e8824173d7b9da580e6a92ae4e5)
|
|
(This used to be commit 396d82a231b6e3a91178db08b706626d4d4b420c)
|
|
(This used to be commit 3fb9f07a7576c465853b03916cb7c0e87e68a276)
|
|
metze
(This used to be commit fb1debf219089188d1a8233ab3ff4ff314f7df0b)
|
|
(This used to be commit 0fafa2e59566f8f892d7dfd7dd33d0100b96a780)
|