| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
memory checks
- move to handmodified pull/push code for PAC_BUFFER
to get the _ndr_size field and the subcontext size right
- after looking closely to the sample w2k3 PAC in our torture test (and some more in my archive)
I found out that the first uint32 before the netr_SamInfo3 was also a pointer,
(and we passed a NULL pointer there before, so I think that was the reason why the windows clients doesn't want our PAC)
w2k3 uses this for unique pointers:
ptr = ndr->ptr_count * 4;
ptr |= 0x00020000;
ndr->ptr_count;
- do one more pull/push round with the sample PAC
metze
(This used to be commit 0eee17941595e9842a264bf89ac73ca66cea7ed5)
|
|
(This used to be commit acd9fad3a4c578e20cd4bdb79a000a7ff70f680c)
|
|
(This used to be commit b71fbcf5e2c627d918aef555b8cc8dd4591d8fe7)
|
|
NT_STATUS_INVALID_HANDLE on a per call basis for a bad vuid. That
means it is doing checking for a valid vuid in each backend function,
rather than globally. I don't want to emulate that as it is way too
error prone, and could easily lead to a security hole, so instead
accept either error code in our test suite.
(This used to be commit aefa9e53fa97551c1b15bdd50565881e63aea9a8)
|
|
(This used to be commit 0f76449a08955cfe50178b6accfd631d7cf42da3)
|
|
The biggest change was fixing the RAW-CONTEXT test. It was forcing
capabilities to zero in an attempt to not negotiated extended
security, but as a side effect it was forcing negotiation of dos error
codes. This confused the hell out of the test code!
Also fixed a bunch of places incorrectly using NT_STATUS_V() instead
of NT_STATUS_EQUAL() and several places that had the wrong dos status
codes
(This used to be commit 0b22744f40804a0d6dc94bfc40ec09306f584f7e)
|
|
Heimdal' case.
Andrew Bartlett
(This used to be commit b7c3c2f67188d8c8478d93e6890a81fa7d468061)
|
|
much closer.
This changes PIDL to allow a subcontext to have a pad8 flag, saying to
pad behind to an 8 byte boundary. This is the only way I can explain
the 4 trainling zeros in the signature struct.
Far more importantly, the PAC code is now under self-test, both in
creating/parsing our own PAC, but also a PAC from my win2k3 server.
This required changing auth_anonymous, because I wanted to reuse the
anonymous 'server_info' generation code.
I'm still having trouble with PIDL, particulary as surrounds value(),
but I'll follow up on the list.
Andrew Bartlett
(This used to be commit 50a54bf4e9bf04d2a8e0aebb3482a2ff655c8bbb)
|
|
that relied on the mapping need to be fixed. The first thing is to get
all the torture tests working against w2k3 again with nt status codes
enabled. The 2nd step will be to make them pass with nt status
disabled.
This starts on the first task, fixing the assumption that
NT_STATUS_INVALID_LOCK_SEQUENCE is a valid substitute for
ERRDOS:ERRbadaccess
(This used to be commit 87cdd117081193d215c5a9e3603438e058ad777b)
|
|
codes, controlled
with 'nt status support' option.
- make nt_errstr() display nice strings for dos status codes encoded
using NT_STATUS_DOS()
- no longer map between dos and nt status codes in the client library,
instead return using NT_STATUS_DOS()
- fixed the RAW-CONTEXT test to look for
NT_STATUS_DOS(ERRSRV, ERRbaduid) instead of NT_STATUS_INVALID_HANDLE
(This used to be commit ff5549e87ffae9f062394f30d8fd1ae95b614735)
|
|
(This used to be commit 23bff7bf6cf437e78db50b09f69fd1fbdf6aab35)
|
|
rafal
(This used to be commit cca6d792945477b86b2dd91f3c90152b69ee2a15)
|
|
rafal
(This used to be commit 0209fc67adae9d2003f06c826557306c2141a6a8)
|
|
rafal
(This used to be commit 1815a6af06aa791bfecb4aee8742701975d35318)
|
|
rafal
(This used to be commit e7870156dacb2e0346e24f8490bfd90e8b21ea96)
|
|
(This used to be commit 214e51b3c8021dfe31ad951603bae64fa281b0f8)
|
|
metze
(This used to be commit 47781fccbc9a4fc3867e4c3959a17765c7e4dc71)
|
|
regularly
(This used to be commit dac526845ea89ba732300105b3f82210b0828102)
|
|
- the out subcontext's need to have a fixed size of r->in.offered,
to make windows clients happy
metze
(This used to be commit 054e1ca434b2f81de199eeb41cb6233524fc5779)
|
|
- test AddForm on the PrintServer object
- GetForm() isn't allowed on the PrintServer object so remove NTPTR
function for it
- accept the dns name as servername in the spoolss server
metze
(This used to be commit d8c308a4653d59514915021607fe55c5f2b38749)
|
|
(This used to be commit 426c4d08ac9191c02dcd604a21ea390b7d255a41)
|
|
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.
This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.
In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.
Also in this commit:
The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.
To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.
Andrew Bartlett
(This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
|
|
Not part of the "all" make target yet, as it requires xsltproc
(This used to be commit fd3f4636438cf1d9c0dd802064033271b9e4d935)
|
|
(This used to be commit aa9e7cf63a0e5ce7c9b7d121a4df064cd6fae90f)
|
|
(This used to be commit 470ad9a93fcbf961d7d89fd96f751ded39660f74)
|
|
(This used to be commit fe7055df94ecc81d6758ee7ff82534451d620d6a)
|
|
(This used to be commit 616f54015ff8c7b25fa500cb03d025a9950ed6cf)
|
|
(This used to be commit 8d43eb5b9790a6b24c792919386cac5c0b8ea7ac)
|
|
don't like to bother with netbios type names when looking for common
types: hosts (servers) and domain controllers. Also, apropriate tests
rafal
(This used to be commit 50cd94be0f876a3463aa58b7e0898e6b3340c4c2)
|
|
Session Setup code.
Add a mem_ctx argument to a few of the NTLMv2 support functions, and
add smb.conf options to control client NTLMv2 behaviour.
Andrew Bartlett
(This used to be commit 3f35cdb218a3dae08a05e77452ca9f73716ceb28)
|
|
rafal
(This used to be commit ec29a1ffa7aec6f1822a92a8c62f5a0de51ec2ae)
|
|
rafal
(This used to be commit 4655881fac37dbf26a5d60385e5f0a70b8c1c775)
|
|
- got rid of smbcli_shutdown() and use talloc_free() instead.
(This used to be commit 1011b1bf51d420d6702ef448c894ea8ebeafa284)
|
|
(This used to be commit fbec0ed13bc20093da308dee0108721d88e9c322)
|
|
Andrew Bartlett
(This used to be commit 7520879bb08d191f0ab97508f14f525886b1b48b)
|
|
Now, to try and figure out why this logic failed for jra...
Andrew Bartlett
(This used to be commit a32066a9ecf7cd82f66eb8381e07d014f5ac5eff)
|
|
server as to the CIFS session key.
JRA had pain with this being wrong against NT4 (without spnego), hence
this specific test.
Andrew Bartlett
(This used to be commit 47f433708ba38db9bf569567cc048e65f2786ebe)
|
|
(no need for it to hang around forever).
Add test for this behaviour.
Andrew Bartlett
(This used to be commit 36dc2491d778fbbff32c4abdf95faa9f83024e12)
|
|
pipe is still OK
(This used to be commit 9f7f70124fc67109bc9ace7a57490851341ad759)
|
|
(This used to be commit eddf41d5e4ca43073b96f96b96dbadf7b8b91df5)
|
|
(This used to be commit b9ed92d550f1b821c5402a516eb2dfc2c8d69f0a)
|
|
(This used to be commit 331afee4ca5bc6a6f7e4fe3333846881424314fe)
|
|
result as "")
- test EnumForms() on the PrintServer (NT4 returns WERR_BADFID)
(jerry: how do it get the lists of forms in the printserver gui)
metze
(This used to be commit fddfe1f04b3ae594e75d702aba4d17ee4d103b8e)
|
|
event_context for the socket_connect() call, so that when things that
use dcerpc are running alongside anything else it doesn't block the
whole process during a connect.
Then of course I needed to change any code that created a dcerpc
connection (such as the auth code) to also take an event context, and
anything that called that and so on .... thus the size of the patch.
There were 3 places where I punted:
- abartlet wanted me to add a gensec_set_event_context() call
instead of adding it to the gensec init calls. Andrew, my
apologies for not doing this. I didn't do it as adding a new
parameter allowed me to catch all the callers with the
compiler. Now that its done, we could go back and use
gensec_set_event_context()
- the ejs code calls auth initialisation, which means it should pass
in the event context from the web server. I punted on that. Needs fixing.
- I used a NULL event context in dcom_get_pipe(). This is equivalent
to what we did already, but should be fixed to use a callers event
context. Jelmer, can you think of a clean way to do that?
I also cleaned up a couple of things:
- libnet_context_destroy() makes no sense. I removed it.
- removed some unused vars in various places
(This used to be commit 3a3025485bdb8f600ab528c0b4b4eef0c65e3fc9)
|
|
(This used to be commit b2529307aaf1e47ce74632b4e516494ac71fe8d1)
|
|
- hooked into events system, so requests can be truly async and won't
interfere with other processing happening at the same time
- uses NTSTATUS codes for errors (previously errors were mostly
ignored). In a similar fashion to the DOS error handling, I have
reserved a range of the NTSTATUS code 32 bit space for LDAP error
codes, so a function can return a LDAP error code in a NTSTATUS
- much cleaner packet handling
(This used to be commit 2e3c660b2fc20e046d82bf1cc296422b6e7dfad0)
|
|
element in a structure is not necessary any more.
(This used to be commit 912d0427f52eac811b27bf7e385b0642f7dc7f53)
|
|
- add EnumMonitors() server code and return "Standard TCP/IP Port"
- add parsing for opening Ports and Monitors with OpenPrinterEx()
metze
(This used to be commit 08e6de37bc293e2f000d03b51642964d92d6e95e)
|
|
- use the same names as etherel (offered,needed) for the buffer sizes
(and they are really independently used)
metze
(This used to be commit f5532a5b74e972f44ed8aa19ee9c5851a4b40f65)
|
|
This always loads all the services, as we now don't have an easy way
to split out smbd.
Andrew Bartlett
(This used to be commit 990e061939c76b559c4f5914c5fc6ca1b13e19dd)
|
