Age | Commit message (Collapse) | Author | Files | Lines |
|
Andrew Bartlett
(This used to be commit 70860779ae4d6be6d592e3635b091f0a5f29df6a)
|
|
POSIX offset for the trusted domain.
Andrew Bartlett
(This used to be commit cd9e795e4004e28dc0184b86f0c44431378fc3ff)
|
|
metze
(This used to be commit b020dbec89a85619ae3ee12f4dd0e3828d30ba04)
|
|
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.
Some small changes to come, but the bulk of the work is now done.
A re-provision is required after this change.
Andrew Bartlett
(This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
|
|
This call uses a new IDL type, NTTIME_hyper. This is 8-byte aligned,
as the name suggests.
Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to
validate the behaviour of times, and of the old secrets.
Thanks to tridge for spotting the use of HYPER!
Andrew Bartlett
(This used to be commit 1fed79cb0f2ae7940639d08ef99576559d4cd06e)
|
|
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.
This stage does the following:
- split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
the context dependent part. This is similar to the layering in libcli_*() for SMB
- disable the current dcerpc_alter code. I've used a #warning until i
get the 2nd phase finished. I don't know how portable #warning is, but
it won't be long before I add full alter context support anyway, so it won't last long
- cleanup the allocation of dcerpc_pipe structures. The previous code
was quite awkward.
(This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
|
|
- added #if TALLOC_DEPRECATED around the _p functions
- fixes the code that broke from the above
while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
|
|
Andrew Bartlett
(This used to be commit 7bb00a80ac55252b8c05b33fd576b8606470e9be)
|
|
talloc_size() or talloc_array_p() where appropriate.
also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
|
|
the next commit is support for typedef bitmap {...}; in pidl
metze
(This used to be commit bd06a85cb747aea29a400050cb9d25a3240ef1cc)
|
|
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and
SEC_RIGHTS_FULL_CONTROL, which are just other names for
SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names
match the new naming conventions in security.idl
Also added names for the generic->specific mappings for files are
directories
(This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)
|
|
w2k3 trust
metze
(This used to be commit 5101cd51a24fdcda8dd8fc4da446782948290f9b)
|
|
metze
(This used to be commit c04a77ed6945db0292434fb5461a884708a9ebf2)
|
|
Andrew Bartlett
(This used to be commit 49c794a6b215f81fd0dba0e7f6812c647b3d91c7)
|
|
seem to be 'shortcut' RPCs, that just avoid an open/query pair).
Rename a few others to give us a slightly sensible pattern.
Andrew Bartlett
(This used to be commit d6a7ab57e74ab89dd163d5f9f5f901e586b0aad4)
|
|
Andrew Bartlett
(This used to be commit f2c86e619440c715499a28da5bfe22272458f0af)
|
|
* Add new IDL to LSA, to query information about trusted domains (for
cross-check with SamSync).
Andrew Bartlett
(This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
|
|
* Add new LSA calls to open trusted domains
* Add new tests for ACCOUNTs in SamSync
* Clean up names in NETLOGON and LSA
* Verify Security Descriptors against LSA, as well as SamR
Andrew Bartlett
(This used to be commit ed838beddb3cb7b0015313a310303f831ed4f11b)
|
|
verify that the security descriptor found in the SamSync is the same
as what is available over SAMR.
Unfortunately, the administrator seems unable to retrieve the SACL on
the security descriptor, so I've added a new function to compare with
a mask.
Andrew Bartlett
(This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
|
|
- move dom_sid, security_descriptor, security_* funtions to one place
and rename some of them
metze
(This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
|
|
what's unimplemetned (tests of the group members)
Andrew Bartlett
(This used to be commit 3b81305e2b7ee3e6acabcd8b0e9ed121d4b08840)
|
|
Andrew Bartlett
(This used to be commit 90398fda41dd15480899e3628df186eb02fdc139)
|
|
secrets interface correctly. (New interface added).
Andrew Bartlett
(This used to be commit 994ac7f031e2b2d528595a4a0a446d92074d6ecf)
|
|
This compares values for the domain and for secrets. We still have
some problems we need to sort out for secrets.
Also rename a number of structures in samr.idl and netlogon.idl, to
better express their consistancy.
Andrew Bartlett
(This used to be commit 3f52fa3a42b030c9aef21c8bd88aad87a0aae078)
|
|
certainly not complete, we need to verify all incoming data, not just
accounts.
This needs to be exercised against some 'intersting' users, but for
now it shows that the IDL is already very accurate, particularly after
the previous commits cleanups of names.
Also commit the changes to keep RPC-LOGIN building.
Andrew Bartlett
(This used to be commit 87ec6834bc75012527454abc0e854b1cf2120088)
|
|
We now (for the first time) start to parse the 'user sensitive info'
field, which reveals the user's NT and LM passwords from Win2k3.
Using this, the 'validate samsync against netlogon' portion of the
tests works for accounts.
Trusted domains and secrets are now retreived, but like users,
require further cross-validation work.
Andrew Bartlett
(This used to be commit c1d3794cad8b001661b48ecb05df5c38a69be92c)
|
|
See -r 3686
Andrew Bartlett
(This used to be commit ab12134286267299c0bf60d03407429bb7de593f)
|