| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
now push/pull a sample PAC, and still have the same byte buffer.
(Metze set up the string code, and probably already has a similar
patch).
Unfortunetly win2k3 still doesn't like what we provide, but every step helps.
Also use data_blob_const() when we are just wrapping data for API
reasons.
Andrew Bartlett
(This used to be commit e7c8076fc1459ff2ccefdaf0b091d04ee6137957)
|
|
(I have included the krbtgt key from my test network).
It turns out the krbtgt signature is over the 16 (or whatever,
enc-type dependent) bytes of the signature, not the entire structure.
Also do not even try to use Kerberos or GSSAPI on an IP address, it
will only fail.
Andrew Bartlett
(This used to be commit 3b9558e82fdebb58f240d43f6a594d676eb04daf)
|
|
length too,
it's always 16 bytes smaller than the size in the PAC_BUFFER
we now dump the blob's on LOCAL-PAC with -d 10
metze
(This used to be commit 4ef721ce53539ac56ca8ac4d601f512149ca7283)
|
|
- check if the buffer length of the original and created buffer are equal
metze
(This used to be commit 84ff2d87e28df3e2b3c1495a9ea48f40221b96ae)
|
|
memory checks
- move to handmodified pull/push code for PAC_BUFFER
to get the _ndr_size field and the subcontext size right
- after looking closely to the sample w2k3 PAC in our torture test (and some more in my archive)
I found out that the first uint32 before the netr_SamInfo3 was also a pointer,
(and we passed a NULL pointer there before, so I think that was the reason why the windows clients doesn't want our PAC)
w2k3 uses this for unique pointers:
ptr = ndr->ptr_count * 4;
ptr |= 0x00020000;
ndr->ptr_count;
- do one more pull/push round with the sample PAC
metze
(This used to be commit 0eee17941595e9842a264bf89ac73ca66cea7ed5)
|
|
Heimdal' case.
Andrew Bartlett
(This used to be commit b7c3c2f67188d8c8478d93e6890a81fa7d468061)
|
|
much closer.
This changes PIDL to allow a subcontext to have a pad8 flag, saying to
pad behind to an 8 byte boundary. This is the only way I can explain
the 4 trainling zeros in the signature struct.
Far more importantly, the PAC code is now under self-test, both in
creating/parsing our own PAC, but also a PAC from my win2k3 server.
This required changing auth_anonymous, because I wanted to reuse the
anonymous 'server_info' generation code.
I'm still having trouble with PIDL, particulary as surrounds value(),
but I'll follow up on the list.
Andrew Bartlett
(This used to be commit 50a54bf4e9bf04d2a8e0aebb3482a2ff655c8bbb)
|
|
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
|
|
this out by asking GENSEC, just like everybody else.
Andrew Bartlett
(This used to be commit 0268d6c46b73bf2097247639df2532b5e8591531)
|
|
Andrew Bartlett
(This used to be commit 8d503fb153c25580c06dd13ca83df47f9e434c7a)
|
|
client and server logic code. In future, this may allow us to build
only the NTLMSSP client, and not the server, but in the short-term, it
allows me greater sainity in moving around these files.
Andrew Bartlett
(This used to be commit 2f22841c6753e3d5816c12bd463b71f74e1d8796)
|
|
The aim here is to remove the extra layer of abstraction, and to then
use the credentials code directly in the NTLMSSP layer.
Andrew Bartlett
(This used to be commit b14c530dfd3e56975dea7e30aa8d62d4f2827700)
|
|
- tidied up some of the system includes
- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
knows about inter-IDL dependencies
(This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
|
|
(This used to be commit 7067bb9b52223cafa28470f264f0b60646a07a01)
|
|
(This used to be commit b378aae95d4001c4cf4e6e59ed80ee1bd55382ee)
|
|
This means that 'require NTLMv2 session security' now works for RPC
pipe signing. We don't yet have sealing, but it can't be much further.
This is almost all tridge's code, munged into a form that can work
with the GENSEC API.
This commit also includes more lsakey fixes - that key is used for all
DCE-RPC level authenticated connections, even over CIFS/ncacn_np.
No doubt I missed something, but I'm going to get some sleep :-)
Andrew Bartlett
(This used to be commit a1fe175eec884280fb7e9ca8f528134cf4600beb)
|
|
calculation.
Andrew Bartlett
(This used to be commit 16ef31a79ed959e80904b84b0230cadb1a7dd8d1)
|
|
Andrew Bartlett
(This used to be commit a8e76085a7414068aa96b6544b28afc1e1e1010c)
|
|
Andrew Bartlett
(This used to be commit 81678f8dc6fc7ef7218c7fad2b2766355927f21c)
|
|
...fix the build
metze
(This used to be commit 49118189444e020b4d3159b6edbc6f7559dbb1a6)
|
|
Andrew Bartlett
(This used to be commit 9df5cbbd7694202c17a7c47ed0469d6f80412c54)
|
