| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
(This used to be commit 306eb848654e0cadb0ebe10c29420fc0c30a64c4)
|
|
on trunk
(This used to be commit 606caddeb95382287fa41a5017ca473d0301be6b)
|
|
group in a state where it can't be deleted via samr, which breaks
repeated runs of the test.
(This used to be commit bcad9efd728983c2d8932ef93eebd3d0c6d4d085)
|
|
(This used to be commit fb5796b0dccf7cd518db03e6456d986f17e50345)
|
|
Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.
In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.
Andrew Bartlett
(This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
|
|
metze
(This used to be commit f65cba9047c6a206e5aaade15b157e07fe4c8bd2)
|
|
pwd -> password
passwd -> password
username -> account_name
Also work on consistant structure feild names between these two pipes,
and fix up some callers to use samr_Password for the netlogon
credential code.
Andrew Bartlett
(This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
|
|
This includes the netlogon pipe, for the machine account password
change system.
Andrew Bartlett
(This used to be commit 49d545a82057ee8b60d50aa55e908efe59875150)
|
|
names rather than our crazy naming scheme. So DES is now called
des_crypt() rather than smbhash()
- added the code from the solution of the ADS crypto challenge that
allows Samba to correctly handle a 128 bit session key in all of the
netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
from PADL for solving this one!
- restructured the server side rpc authentication to allow for other
than NTLMSSP sign and seal. This commit just adds the structure, the
next commit will add schannel server side support.
- added 128 bit session key support to our client side code, and
testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
|
|
indicate this although I could not find any consistent pattern.
I found this as 'net rpc group list local' in Samba3 sets this to 250 and only
gets a fixed, but incomplete list of groups out of W2k3.
I tried to correlate the results I got from w2k3 with the LDAP contents of the
corresponding entries, but I could not find anything. Ethereal only decodes
the lower byte, but to get all it seems necessary to have 0xffff here.
If you have time, could you might want to spend some of it decoding the bits
for SAMR completeness....
Volker
(This used to be commit 74e59c45603a9f897a24e37fc7626cf8ffc81403)
|
|
metze
(This used to be commit b5378803fdcb3b3afe7c2932a38828e83470f61a)
|
|
- moved some sec desc defines into misc.idl
- fixed pw_len field in UserInfo26
- made some pipes available on TCP
- added netr_DsrEnumerateDomainTrusts() to netlogon
- added templates for remaining netlogon IDL calls (from ethereal)
- added a unistr_noterm vs unistr error detector in ndr basic decoder
- added torture test for netr_DsrEnumerateDomainTrusts()
(This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
|
|
- added start of QueryDomainInfo in samr server
"net rpc info" from samba3 now works against a samba4 server. I
suspect join will work fairly soon.
(This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
|
|
GetDomPwInfo
(This used to be commit 00096609978e829b5da36040c15afa087e71eaa5)
|
|
metze
(This used to be commit 2986c5f08c8f0c26a2ea7b6ce20aae025183109f)
|
|
metze
(This used to be commit af6f1f8a01bebbecd99bc8c066519e89966e65e3)
|
|
metze
(This used to be commit 0e5517d937a2eb7cf707991d1c7498c1ab456095)
|
|
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
|
|
Currently this only authentiates the machine, not real users.
As a consequence of running the Samba4 NETLOGON test against Samba4, I
found a number of issues in the SAMR server, which I have addressed.
There are more templates in the provison.ldif for this reason.
I also added some debug to our credentials code, and fixed some bugs
in the auth_sam module.
The static buffer in generate_random_string() bit me badly, so I
removed it in favor of a talloc based system.
Andrew Bartlett
(This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
|
|
includes all
of the password complexity, password history and other password restrictions.
(This used to be commit cb070b9084d95cf5178edbef951b75eab62b7220)
|
|
samr_DeleteDomainGroup.
I've added the hidden attribute numMembers that must be maintained by
Add/DelGroupMember for the GroupInfoAll query.
Volker
(This used to be commit 945d7478605c1bd67e4162ebb0635ab7da11faaf)
|
|
Andrew Bartlett
(This used to be commit a04b074c049db832f4c02a35d951d40875fce6d1)
|
|
unmapped names
(This used to be commit e3b31625f476cb1b8a4d5003dee2c574582c9b46)
|
|
in our new samr server
(This used to be commit 0f2503111498e809237e0155962db55dfde8cbfb)
|
|
added tests for the level 23 and 25 password change methods
(This used to be commit d49f7a6a0d1895de3d654a5b46c6aec3a57fde76)
|
|
thanks to Luke Howard for this test
(This used to be commit 891653e7d40f581016085e2c32e2802eea7e7ade)
|
|
afterwards for the RPC-NETLOGON test. This makes it much simpler to
run the test and also means that it doesn't distrurb any existing
domain join you might have.
(This used to be commit feac996794d5cc16e3612fb2901668a9b1e1d274)
|
|
(This used to be commit 4b4f025504cb5b92c8b119259f1df622cd72ec7c)
|
|
yay!
(This used to be commit 0221566cf5ff7dc5ce0de9af451b935ed8615f4e)
|
|
stick
(This used to be commit b2ebaf95b75b050ad02ca967867337cd81faa859)
|
|
possibly destructive tests. Use with care!
Added IDL and test code for samr_Shutdown() and samr_SetDsrmPassword()
(This used to be commit 84de0b7e58c69e0817b9d475de0895a54cc95927)
|
|
request (a dead socket). I discovered this when testing against Sun's
PC-NetLink.
cleaned up the naming of some of the samr requests
add IDL and test code for samr_QueryGroupMember(),
samr_SetMemberAttributesOfGroup() and samr_Shutdown(). (actually, I
didn't leave the samr_Shutdown() test in, as its fatal to windows
servers due to doing exactly what it says it does).
(This used to be commit 925bc2622c105dee4ffff809c6c35cd209a839f8)
|
|
(for example, not filling in extra
fields in level21 setuserinfo)
(This used to be commit d06ed158f9aef94159bfc09065ca5ad0c4c99de3)
|
|
Also added much better handling of random password generation in the
password change test code
(This used to be commit 67ae0b2a9851c1e77fdaa9f317a83bd54950618f)
|
|
samr_GetBootKeyInformation() and samr_Connect3()
also added some stub IDL for samr_SetBootKeyInformation() although I
don't yet have working test code. This one is tricky, as if you get it
wrong then the target system won't boot any more :)
(This used to be commit 118b6fc292ba3257511b1b83846582013fb59b23)
|
|
- completed the IDL and test code for the various set user password
mechanisms in samr. Three password mechanisms are now working, the
UserInfo24 method, the OemChangePasswordUser2() method (which only
sets the LM password) and the ChangePasswordUser2() method which sets
both the LM and NT passwords.
- updated some crypto routines to support the password change tests
(This used to be commit 051efa2abf9d1fbbf783df411c02f2714027f813)
|
|
samr_AddMultipleMembersToAlias(),
samr_RemoveMultipleMembersFromAlias(), samr_OemChangePasswordUser2(),
and samr_ChangePasswordUser2()
The password change functions don't actually work yet (but should
soon). At this stage I have just completed the IDL for them. Next step
is to get the hash verifiers right and the torture test should be able
to do password changes.
(This used to be commit 849d0d314a2add80f2b2be6b503fea05973f998e)
|
|
samr_QueryUserInfo2(), samr_QueryDisplayInfo2() and
samr_GetDisplayEnumerationIndex2()
(This used to be commit fddda52500d482bde79994c14a0a822a1d305ac3)
|
|
samr_GetDisplayEnumerationIndex(), samr_TestPrivateFunctionsDomain(),
samr_TestPrivateFunctionsUser() and samr_RemoveMemberFromForeignDomain()
(This used to be commit 53c66708874f9f8e7868530cd2a780160e2eca01)
|
|
(This used to be commit 747351140b839879abe1a79a005d81ca4b35a658)
|
|
(This used to be commit 0b8203306d9eb61aaec9549d56c40831fcd091c3)
|
|
(This used to be commit fe1fc81ba76515b79069881d2d62f60201314d04)
|
|
test code
(This used to be commit 46185a71ba0e06544cacf117654e4dbf39385378)
|
|
(This used to be commit 9f12fb39dbac886582d0ccce418491522c042fe6)
|
|
group names.
Volker
(This used to be commit 481cec94c47ffda341e00d628cf34c2c7b5de2fa)
|
|
(This used to be commit ccce61287de07684159e2de990773f4098e07652)
|
|
e.g.
ncacn_np:myserver:[samr,sign,print]
will now enable the packet debugging
and the debugging is not bound anymore to the debuglevel >= 2
in the torture tests
- also the dcesrv_remote module now supports debugging of the packets
use the 'dcerpc_remote:binding' smb.conf parameter.
metze
(This used to be commit 40abf3c584efed7f977ddd688ea064540e5a5b13)
|
|
(This used to be commit 2372321eedb6d446c1555ed318bd98743cabaaa0)
|
|
we needed to adjust the alignment of [relative] buffers for this to
work. I wonder if they are always 4 byte aligned?
(This used to be commit 9cd0a0b8b976e62c6da71b7e55cba5b38483620d)
|
|
(This used to be commit abe7ffcece5fcb75b0cf5633dd5871fa3e3c1723)
|
