Age | Commit message (Collapse) | Author | Files | Lines |
|
encapsulates all the different session setup methods, including the
multi-pass spnego code.
I have hooked this into all the places that previously used the
RAW_SESSSETUP_GENERIC method, and have removed the old
RAW_SESSSETUP_GENERIC code from clisession.c and clitree.c. A nice
side effect is that these two modules are now very simple again, back
to being "raw" session setup handling, which was what was originally
intended.
I have also used this to replace the session setup code in the
smb_composite_connect() code, and used that to build a very simple
replacement for smbcli_tree_full_connection().
As a result, smbclient, smbtorture and all our other SMB connection
code now goes via these composite async functions. That should give
them a good workout!
(This used to be commit 080d0518bc7d6fd4bc3ef783e7d4d2e3275d0799)
|
|
Andrew Bartlett
(This used to be commit 70860779ae4d6be6d592e3635b091f0a5f29df6a)
|
|
- added async support to the negprot client code
- removed two unused parameters from smbcli_full_connection() code
- converted smbclient to use smbcli_full_connection() rather than
reinventing everything itself
(This used to be commit 71cbe2873473e039b4511511302cb63f1c50bce8)
|
|
- make use of talloc destructors
metze
(This used to be commit 8308da6ce4a95f8c10e22949ef00e9e64f2dbb85)
|
|
POSIX offset for the trusted domain.
Andrew Bartlett
(This used to be commit cd9e795e4004e28dc0184b86f0c44431378fc3ff)
|
|
netr_ServerPasswordSet and netr_ServerPasswordSet2
so we do now
I also add a torture test for this
metze
(This used to be commit d896ac603a5cf387a10b21e64e2c92ff2626bc4d)
|
|
Andrew Bartlett
(This used to be commit 8f47c7b02cc28eda022154796c7341fd63a87cc5)
|
|
Add my copyright to the SAMR server.
Andrew Bartlett
(This used to be commit 51e94fa26cc602ddca652776c213cd7096f9703a)
|
|
metze
(This used to be commit 7d8ba92da2b8babe7165f105591fd3e5738b2319)
|
|
test. This way, it must have at least one domain to enumerate.
Andrew Bartlett
(This used to be commit c19f1850ee76db07d4ab5654039bc1f78377994d)
|
|
- Use templates for Secrets and the new trusted domains
- Auto-add modifiedTime, createdTime and objectGUID to records in the
samdb layer.
Andrew Bartlett
(This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
|
|
(The behaviour is a little odd, but we wanted bug-for-bug, right? :-)
Andrew Bartlett
(This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
|
|
the backend should check for
(dce_call->state_flags & DCESRV_CALL_STATE_FLAG_MAY_ASYNC)
then it's allowed to reply async
then the backend should mark that call as async with
dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
later it has to manualy set r->out.result
and then send the reply by calling
status = dcesrv_reply(p->dce_call);
NOTE: that ncacn_np doesn't support async replies yet
- implement an async version of echo_TestSleep
- reenable the echo_TestSleep torture test
(this need to be more strict when we have support for async ncacn_np)
metze
(This used to be commit f0a0dbeb25b034b1333078ca085999359f5f6209)
|
|
metze
(This used to be commit b020dbec89a85619ae3ee12f4dd0e3828d30ba04)
|
|
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.
Some small changes to come, but the bulk of the work is now done.
A re-provision is required after this change.
Andrew Bartlett
(This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
|
|
testsuite for all the different flag types. (We really only need to
know if we are getting the session key crypto stuff right, and one
call can tell us that).
Andrew Bartlett
(This used to be commit 8807498f6d3ff248c4d42bf18db45cfe25bd3b2f)
|
|
only the OLD secret value.
Andrew Bartlett
(This used to be commit 5853af89c8dd5c4d6220f395bcc18708398999af)
|
|
This call uses a new IDL type, NTTIME_hyper. This is 8-byte aligned,
as the name suggests.
Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to
validate the behaviour of times, and of the old secrets.
Thanks to tridge for spotting the use of HYPER!
Andrew Bartlett
(This used to be commit 1fed79cb0f2ae7940639d08ef99576559d4cd06e)
|
|
Andrew Bartlett
(This used to be commit 357d9114f002a607f80985588bbac150fa40d2bc)
|
|
Andrew Bartlett
(This used to be commit a17a8fbf9a843c2c9e10940878b43ad8e1583091)
|
|
token in the client (the final token in the negotiation).
Consequential fixes in the SPNEGO code, which now uses the out.length
as the indicator of 'I need to send something to the other side'.
Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client.
Fix the RPC-MULTIBIND test consequent to this merge.
Andrew Bartlett
(This used to be commit 43e3516fc03008e97ebb4ad1a0cde464303f43c6)
|
|
(This used to be commit ba6caa99a454cb3393c8898f1e5be4a432b820c4)
|
|
it can't be changed (so you have to create a new context_id, not
change the interface bound to an existing one)
(This used to be commit 5f10a8f8d04d627927d9870c87d6e7d8b98d563c)
|
|
(This used to be commit b1ff60667038aa1e2d7c6ad2015ba33ac5a90dc6)
|
|
- there is no alter_nak or alter_ack packet, its all done in an
alter_response
- auto-allocated the contex_ids
- tried to fix up the dcom code to work again with
alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
|
|
just does a simple LSA/DSSETUP combo, which is what w2k does in the
ACL editor rpc calls that triggered this work
(This used to be commit 0129ec947aa1fa5a7104dc3a666af3cb9bd104f1)
|
|
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.
This stage does the following:
- split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
the context dependent part. This is similar to the layering in libcli_*() for SMB
- disable the current dcerpc_alter code. I've used a #warning until i
get the 2nd phase finished. I don't know how portable #warning is, but
it won't be long before I add full alter context support anyway, so it won't last long
- cleanup the allocation of dcerpc_pipe structures. The previous code
was quite awkward.
(This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
|
|
replace).
Andrew Bartlett
(This used to be commit ddb54d4ea1610b38e011e2f217ded7b6278d5290)
|
|
only needs WS privilages anyway.
Andrew Bartlett
(This used to be commit a093c4f98e833198ee59064b2cb9b9b45a188a59)
|
|
Andrew Bartlett
(This used to be commit 96806136ead3d1949516b2cfe7350a4e10681c28)
|
|
request to
kill the domain controller I'm asking. In samba4 torturing the DC is just so
easy, commit the test to randomized ask for DCs for all trusted domains.
Volker
(This used to be commit edb918762e1e46909520f13e28dcf8cedb2919b1)
|
|
- added #if TALLOC_DEPRECATED around the _p functions
- fixes the code that broke from the above
while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
|
|
Andrew Bartlett
(This used to be commit 7bb00a80ac55252b8c05b33fd576b8606470e9be)
|
|
w2k3 does) or
NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED (as longhorn does) to be an error.
fixed the CreateTrustedDomain test to cope with the "torturedomain" being left over
from a previous aborted run
(This used to be commit 429d79815c260781fae6eed28160d7507e780f34)
|
|
Include RPC-SAMLOGON in the list of tests expected to pass
Remove silly extra loops from the RPC-SAMLOGON test, which mostly just
slowed htings down.
Andrew Bartlett
(This used to be commit 518ca9fb695b0f9d480122a74a2159f7f17a3219)
|
|
- disabled the async netlogon tests for now until we better understand async rpc
- added a test_w2k3.sh script that runs rpc tests that a w2k3 DC
should pass. This is useful for regression testing when PIDL changes
are made.
(This used to be commit f7d4d3db489ad79457de70a85ad990159f6e74f8)
|
|
(This used to be commit fa3cecddd8065885dd461000de683eb0143eb481)
|
|
talloc_size() or talloc_array_p() where appropriate.
also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
|
|
the next commit is support for typedef bitmap {...}; in pidl
metze
(This used to be commit bd06a85cb747aea29a400050cb9d25a3240ef1cc)
|
|
(This used to be commit f9e0aa1ab1faac039893db241819907c9c4bb510)
|
|
combine the NTLM and LMv2 responses, for maximum compatability from a
client perspective, allowing access to servers that require NTLMv2, as
well as those that don't support it.
Currently, this is unfortunetly not possible against Win2k3 (and Samba
is being coded to match that behaviour at this point).
Andrew Bartlett
(This used to be commit 93b46ebe0f3cccd26b5ddd213553667e612c3701)
|
|
I just need to fix a couple of NTLMv2 issues before we can fully pass,
and put this in test_rpc.sh, as a 'should pass' test.
Andrew Bartlett
(This used to be commit 4b52409e385366d87724bb79f4fad4803e8ecfec)
|
|
(This used to be commit f830adc54ada7f38f964a6ccb5270d2791325dd5)
|
|
(This used to be commit 77e14c28584c5917f22672b304cb0f8e37e883fd)
|
|
to match the style we are using in other pipes
- first fillin local vars and only set the out parameter on success
- for the server code only to the samdb lookup when it's needed
NOTE: the DsRoleGetPrimaryDomainInformation() code with DS_ROLE_MEMBER_SERVER
is not tested yet, does someone has a w2k3 member server to test with?
metze
(This used to be commit e6d1136497f501fe0687bfb34a155db6a9d87bde)
|
|
pipe is now complete!
The only glitch is that I am returning DS_ROLE_MEMBER_SERVER when I
should be returning DS_ROLE_PRIMARY_DC. This is needed for the moment
or ACL editing doesn't work from w2k3. Once we have some more ADS
calls we should be able to fix this.
(This used to be commit 6566dc2805a9f6473ebab70b0dbd381c4dbd42c8)
|
|
(This used to be commit dbcaff7c71c9b7ee984a2ed458b6c3ce27772740)
|
|
ds_RolerGetPrimaryDomainInformation()
(This used to be commit 7aec3dac6fd5165cfca5c650aaa29234e278d95d)
|
|
(This used to be commit d37f556258ba12479e4e9acc5cdb5535ebf41d7f)
|
|
For some reason I am getting ACCESS_DENIED from w2k3 on
lsa_LookupSids3(). I will investigate.
(This used to be commit c759fa0000e37c3e93a7529a7701998af6727612)
|