| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
definitions for security access masks, in security.idl
The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
|
|
w2k3 trust
metze
(This used to be commit 5101cd51a24fdcda8dd8fc4da446782948290f9b)
|
|
metze
(This used to be commit c04a77ed6945db0292434fb5461a884708a9ebf2)
|
|
Guenther
(This used to be commit 5dde59be0995b9893ef476b06c259776c1115ae7)
|
|
(This used to be commit 9da455ed56ebc167f295b231c2730e3ff9c94617)
|
|
lm hash from the samdb, and thus not checking the verifier)
fixed the client side to calculate the lm verifier based on the nt
hash, not the lm hash (confirmed using w2k3)
(This used to be commit 27e7fb3bafe4649359e2e68169b6f10fd4d2cc70)
|
|
metze
(This used to be commit 523e6acf4fec5d4946fa7c0c89f40d7d712c9f3a)
|
|
metze
(This used to be commit e28351f710525ca9863210974544a8b1a537e63a)
|
|
it is dead
(This used to be commit f0263672fd1eb79bfa3a94663de1cea996c92880)
|
|
that works only on SCHANNEL secured connections (as it needs the
implicit credentials).
Fix some of the IDL.
Andrew Bartlett
(This used to be commit 90cd7b34cc18e758e939e0183281b7a517d728f0)
|
|
Andrew Bartlett
(This used to be commit 49c794a6b215f81fd0dba0e7f6812c647b3d91c7)
|
|
to make DsWriteAccountSpn() work
- add idl and torture test for DsWriteAccountSpn()
metze
(This used to be commit 625826ad9050c68407ae5e8abfee13699986303c)
|
|
names and other assistance from the ethereal sources.
More work needs to be done to validate some of the levels, which do
not appear in the query - perhaps they are modification levels.
Andrew Bartlett
(This used to be commit 63635533693fa364b0c697a3fe1010b3eb8b17d3)
|
|
seem to be 'shortcut' RPCs, that just avoid an open/query pair).
Rename a few others to give us a slightly sensible pattern.
Andrew Bartlett
(This used to be commit d6a7ab57e74ab89dd163d5f9f5f901e586b0aad4)
|
|
metze
(This used to be commit 62d26e0b91703d667e94d016e7943b6883130579)
|
|
metze
(This used to be commit 1ffabbaa667c7dec6657ec523f92f072a2a47a95)
|
|
metze
(This used to be commit ba67e98835095e940c23d095422e0cd72e105aee)
|
|
Andrew Bartlett
(This used to be commit f2c86e619440c715499a28da5bfe22272458f0af)
|
|
* Add new IDL to LSA, to query information about trusted domains (for
cross-check with SamSync).
Andrew Bartlett
(This used to be commit 174c0778421b5154ff2ba809688ea6ef38a1478b)
|
|
* Add new LSA calls to open trusted domains
* Add new tests for ACCOUNTs in SamSync
* Clean up names in NETLOGON and LSA
* Verify Security Descriptors against LSA, as well as SamR
Andrew Bartlett
(This used to be commit ed838beddb3cb7b0015313a310303f831ed4f11b)
|
|
* Add new tests for ACCOUNTs in SamSync
* Clean up names in NETLOGON and LSA
* Verify Security Descriptors against LSA, as well as SamR
Andrew Bartlett
(This used to be commit 7094502fe0346255a89667f702289b4c8dc9fa08)
|
|
(This used to be commit 4840eaeed3cfd72026babb382f26929c29702713)
|
|
verify that the security descriptor found in the SamSync is the same
as what is available over SAMR.
Unfortunately, the administrator seems unable to retrieve the SACL on
the security descriptor, so I've added a new function to compare with
a mask.
Andrew Bartlett
(This used to be commit 39ae5e1dac31a22086be50fb23261e02be877f3f)
|
|
- move dom_sid, security_descriptor, security_* funtions to one place
and rename some of them
metze
(This used to be commit b620bdd672cfdf0e009492e648b0709e6b6d8596)
|
|
what's unimplemetned (tests of the group members)
Andrew Bartlett
(This used to be commit 3b81305e2b7ee3e6acabcd8b0e9ed121d4b08840)
|
|
Andrew Bartlett
(This used to be commit 90398fda41dd15480899e3628df186eb02fdc139)
|
|
secrets interface correctly. (New interface added).
Andrew Bartlett
(This used to be commit 994ac7f031e2b2d528595a4a0a446d92074d6ecf)
|
|
This compares values for the domain and for secrets. We still have
some problems we need to sort out for secrets.
Also rename a number of structures in samr.idl and netlogon.idl, to
better express their consistancy.
Andrew Bartlett
(This used to be commit 3f52fa3a42b030c9aef21c8bd88aad87a0aae078)
|
|
(This used to be commit fc9748841ec439a097e9713e1b60dbcd647469e2)
|
|
rather then a large table in librpc/gen_ndr/tables.c. This will allow us
to only link in only the required gen_ndr files (speeds up linking quite a
bit, makes binaries smaller).
Each gen_ndr_* file now has a init function that calls the init functions
of the interfaces it contains. I did it this way to keep pidl's code simple,
though it might hurt startup time a bit. I'd be happy to change it if
people like one function better.
(This used to be commit 3c436590ae95b58ad6d00e72d6fdd08a4d80f208)
|
|
certainly not complete, we need to verify all incoming data, not just
accounts.
This needs to be exercised against some 'intersting' users, but for
now it shows that the IDL is already very accurate, particularly after
the previous commits cleanups of names.
Also commit the changes to keep RPC-LOGIN building.
Andrew Bartlett
(This used to be commit 87ec6834bc75012527454abc0e854b1cf2120088)
|
|
NETLOGON.
In particular, rename samr_Name to samr_String - given that many
strings in this pipe are not 'names', the previous was just confusing.
(I look forward to PIDL turning these into simple char * some day...).
Also export out a few changes from testjoin.c to allow for how I have
written the new RPC-SAMSYNC test.
Andrew Bartlett
(This used to be commit 9cd666bcfb1fc752a4717010a7c4f05131dc728e)
|
|
We now (for the first time) start to parse the 'user sensitive info'
field, which reveals the user's NT and LM passwords from Win2k3.
Using this, the 'validate samsync against netlogon' portion of the
tests works for accounts.
Trusted domains and secrets are now retreived, but like users,
require further cross-validation work.
Andrew Bartlett
(This used to be commit c1d3794cad8b001661b48ecb05df5c38a69be92c)
|
|
See -r 3686
Andrew Bartlett
(This used to be commit ab12134286267299c0bf60d03407429bb7de593f)
|
|
Break out the samsync tests from RPC-NETLOGON into a new RPC-SAMSYNC,
that will cross-verify all the values.
Add support for the way netlogon credentials are shared between the
pipe that sets up schannel and the pipe that is encrypted with it.
Test this support, by calling both NETLOGON and SAMR operations in the
RPC-SCHANNEL test.
Move some of the Netlogon NEG flags into the .idl, now we have an idea
what a few of them really are.
Rename the sam_pwd_hash into a name that has meaning (all other crypto
functions were renamed in Samba4 ages ago).
Break out NTLMv2 functionality for operation on the NT hash - I intend
to do NTLMv2 logins in the samsync test in future, and naturally I
only have the hash.
Andrew Bartlett
(This used to be commit 6e6cc6fb9842113a1b0c7f6904dac709b320a6e5)
|
|
flags individually have an impact (above what we already expect).
Andrew Bartlett
(This used to be commit 68dd173dc0539f290f40ee90f398591409765932)
|
|
Interestingly, all the interesting flags are a '4' (as hex digits in
the flag).
Andrew Bartlett
(This used to be commit 295e09fa3ea2cae48da1e934c1ec180e5678f0c9)
|
|
Andrew Bartlett
(This used to be commit cd23ddd0a7e87e217a93af499122e97e8dae4dd7)
|
|
RPC-SAMLOGON of their own.
I have expanded the tests to validate the use of various flags, which
change some of the crypto behaviour.
Andrew Bartlett
(This used to be commit 3a140a3691ce49ebf4d1efcb99cfffd26c68a28f)
|
|
appear in netlogon, despite what the LM response may look like).
Make the logon tests less verbose - only print test names on failure.
Andrew Bartlett
(This used to be commit 49c335bcd8852bcf2f4663b9fd514bf3da0fa50d)
|
|
tuning
Samba3/OpenLDAP for. For a concrete situation you have to adapt the domain,
pdcname and usernames/passwords. Sorry, not parametrized yet, but this should
be doable if necessary.
Volker
(This used to be commit 02f52058722fc1aea02d4fe237c97404d8e4f491)
|
|
SamLogonWithFlags).
Andrew Bartlett
(This used to be commit 7937503849125e8a351abd547accab3715fc8b13)
|
|
(Hmm, this whole section should be broken out into a new file, I
think).
Add new tests, particularly of the LM key for NTLMv2 responses, and
the (changed, apparently) session key for LMv2 only logins.
Next is to add SAMR modification and cross-validation.
Andrew Bartlett
(This used to be commit be99ee4719a98c3fca13136d0c72f18a852fbd4e)
|
|
(This used to be commit 709f279b192c8f9eeea04749169c00f2d57b20d3)
|
|
use of contexts.
(This used to be commit 93eb3cd99c4fb065a69eabcead0c33804259c976)
|
|
which will join as a w2k dc joins a ads domain
(this is currently not fully implmented,
I just have listed the steps we need to do)
metze
(This used to be commit 29cd3d20e39766455e488c6e240228d8815bd36b)
|
|
Andrew Bartlett
(This used to be commit fb7bc73f581c8b13041a91a115b4932f76b00ca7)
|
|
- Support for sending over the object UUID in DCERPC calls
- Simple torture test for the DCOM "Simple" object
- Generate extra argument for "object" interfaces in pidl
- Some stubs for common DCOM functions
(This used to be commit c052f2e1edd816206d8974af3140cec7ef97a70c)
|
|
('{faedf4f9-0de8-4582-b8b6-c475efefbe5a}')
- resolve the GUID's we got in DsGetDomainControllerInfo in the DsCrackNames test
metze
(This used to be commit f6310695821a7e750dd37936a6145232d81ab413)
|
|
- fix a scalar vs pointer bug
metze
(This used to be commit 8e3f87b9e045d85888e6c34ea60fe16aa67f8686)
|
