with an aim to make the code simpler and more correct.
Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over
all keytypes' code in gensec_krb5, we now follow the approach used in
gensec_gssapi, and use a keytab.
I have also done a lot of work in the GSSAPI code, to try and reduce
the diff between us and upstream heimdal. It was becoming hard to
track patches in this code, and I also want this patch (the DCE_STYLE
support) to be in a 'manageable' state for when lha considers it for
merging. (metze assures me it still has memory leak problems, but
I've started to address some of that).
This patch also includes a simple update of other code to current
heimdal, as well as changes we need for better PAC verification.
On the PAC side of things we now match windows member servers by
checking the name and authtime on an incoming PAC. Not generating these
right was the cause of the PAC pain, and so now both the main code and
torture test validate this behaviour.
One thing doesn't work with this patch:
- the sealing of RPC pipes with kerberos, Samba -> Samba seems
broken. I'm pretty sure this is related to AES, and the need to break
apart the gss_wrap interface.
Andrew Bartlett
(This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
|
|
'make clean gcov' to generate a set of files describing the test coverage
of the Samba 4 code.
(This used to be commit 72bb84add469ad4f027ddbd8d73bb846b0609fa2)
|
|
DRSUAPI CrackNames.
We can't pass the full cracknames test until the initial provision is
updated, the separate DomainControllerInfo and canonical names support
is added.
Andrew Bartlett
(This used to be commit ed24d88f0e8c6371acf6638a1c5f2112bc0bf285)
|
|
Guenther
(This used to be commit d717e878bdc05b06adcc50c3527c339be8164145)
|
|
(This used to be commit 6e30dd8a50e9afc4942cd925e6e0266d960923dd)
|
|
Andrew Bartlett
(This used to be commit a6597181f62e5b0ec95232a2dd69b5d85de845b8)
|
|
(This used to be commit 9e375d82e828879704442e5a27a9938015953de2)
|
|
More CrackNames testing
Andrew Bartlett
(This used to be commit 0913dec6a98e735e5e3157a2fceec94f57dd706c)
|
|
StrCaseCmp was sys_strcasecmp, while it is in fact strcasecmp_m!
(This used to be commit 200a8f6652cb2de7a8037a7a4c2a204b50aee2b1)
|
|
Andrew Bartlett
(This used to be commit fccbc15555871059e62bf720f115b2307a171667)
|
|
Andrew Bartlett
(This used to be commit ad60d4571568d5b3edd98199462812a2f30c36cd)
|
|
Kerberos CCACHE into the system.
This again allows the use of the system ccache when no username is
specified, and brings more code in common between gensec_krb5 and
gensec_gssapi.
It also has a side-effect that may (or may not) be expected: If there
is a ccache, even if it is not used (perhaps the remote server didn't
want kerberos), it will change the default username.
Andrew Bartlett
(This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315)
|
|
Andrew Bartlett
(This used to be commit b1b0e26e537677793a92af02464ff1e83fce9610)
|
|
- fixed ncacn_ip_tcp to use the generic async name resolution methods,
so NBT names now work (as requested several times by abartlet!)
- changed resolve_name() to take an event_context, so it doesn't cause
the whole process to block
- cleaned up the talloc_find_parent_bytype() calls to go via a cleaner
event_context_find() call
(This used to be commit b3d491b210a8b889a25efcb273e70fefbd01b7f7)
|
|
Andrew Bartlett
(This used to be commit 1cd62944f1387a3922e01dbee9bcf28f96f131ad)
|
|
krb5_context.
Andrew Bartlett
(This used to be commit 47699019dbb7aa48e7acd6bf8364e40917db8410)
|
|
(This used to be commit d3b5d006717c24660244c6475ffc73cb0b56d021)
|
|
problems with signed chars
(This used to be commit 4b3e3a9633bf7ce57f537b9897c0e9c613a99f7a)
|
|
(This used to be commit 7e6957b906be760e7eb7e6ab6dbc86efeb0c42d2)
|
|
For example:
bin/smbtorture //xx/y LOCAL-PAC --option 'torture:pac_file=x.dat' --option 'torture:pac_kdc_key=B286757148AF7FD252C53603A150B7E7' --option 'torture:pac_member_key=D217FAEAE5E6B5F95CCC94077AB8A5FC'
(This used to be commit e0978ead23c493a802ce69ed7be871b2a9a54498)
|
|
simultaneously with
NTCREATEX_DISP_CREATE (create if not exists, else fail) they might end up with
two or more times NT_STATUS_OK as EEXIST is not correctly handled.
Jeremy, please look closely at this. You can easily verify this by adding a
smb_msleep(100) to the top of open_file_ntcreate and run the new samba4
torture test. It does also happen without the msleep, but not as reliably.
Thanks,
Volker
(This used to be commit c803d4c9a588e39a90ddfe900be9b9de1a861f82)
|
|
(This used to be commit ba909a64e92e9b2d2c8fd02fc9e9e0e7aa49dd0a)
|
|
(This used to be commit 0e30c80a53af45ee9112513c02a6a231e8b1a133)
|
|
- fixed winreg_GetKeySecurity() to use a sec_info field correctly
- simplified the winreg torture code, removing the separate opens for
each hive
- added torture cleanup code in winreg test
- added 'create with security descriptor' in the winreg torture test
(This used to be commit f20695decd587f7b6bbdbd4861441bd19ab85078)
|
|
descriptor. To keep it simple I just use normal IDL buffers for now,
avoiding the complex methods metze used in spoolss. We might change
that later
Also added decoding of the security_descriptor in
winreg_GetKeySecurity() in smbtorture
(This used to be commit 439f34a9621e2e96329c30cfed8d78b8fdfbd8a2)
|
|
Andrew Bartlett
(This used to be commit 01c4a970ec22b3915b8017da018bd500b4fffcbc)
|
|
CrackNames.
Andrew Bartlett
(This used to be commit a82a419579872fc78b02c29972eaf55da22088c1)
|
|
Volker
(This used to be commit 71571fffc0493a5658c5980e6ebe4d8f9ada4699)
|
|
Andrew Bartlett
(This used to be commit 340955220443533cc70dcb0ef9bae4815f30e6c5)
|
|
Andrew Bartlett
(This used to be commit 4c6052ccfd6ff01eb00d8f953ae8912ea6dedba3)
|
|
distinguished names
Provide more functions to handle DNs in this form
(This used to be commit 692e35b7797e39533dd2a1c4b63d9da30f1eb5ba)
|
|
calls. The previous IDL was just a workaround for the limitations of
our older rpc infrastructure. Now that Jelmer has added much improved
string support using the charset keyword we can correctly implement
the unusual winreg string buffers.
Jelmer, note the little comment I put on winreg_StringBuf() about why
I couldn't use [value()] for the length field.
This also fixes EnumKey() and EnumValue() to use NTTIME fields for the
last_changed_time. I don't know why we were using a pair of uint32's,
as it is just a NTTIME.
(This used to be commit 8354b016122cc4f3cff042b3ada1de07e1614eb7)
|
|
(This used to be commit d0225f10797eaeeb6d10cf753578703e144ee8dd)
|
|
typo in comment.
Andrew Bartlett
(This used to be commit c96f8594b16c6a5310e2e8727bb6975f2a193231)
|
|
names.
(This used to be commit 26b191b3c9529b2dae5d004819dab46657064408)
|
|
Andrew Bartlett
(This used to be commit ea4cc6bcbed4f26855d2f67d914c73453c524406)
|
|
Andrew Bartlett
(This used to be commit 1fa87223eb66825ef2dd93966652fa84de6b0b2f)
|
|
NT_STATUS_ACCESS_DENIED.
(This used to be commit f18d1f539e4fd434dfc519e45f4c356c5cd4d73a)
|
|
(This used to be commit b76d35e7e2207f4da294a7cd1b5636b954162be2)
|
|
- Convert to use lsa_String instead of eventlog_String.
- Copy across some constants.
- Implement idl and testcase for ClearEventLog() function
(This used to be commit 352b21af3f0a84ee31d0eecaa76abf2134d044de)
|
|
disposition in the RAW-UNLINK test (this allows it to work with netapp
servers)
(This used to be commit 4f9cfd10bf92e5abf3c09bb0bf6cca3dfc3b6dfb)
|
|
rafal
(This used to be commit f0d51b78c040937bd27857c063fae215a3f0f465)
|
|
If we ever get problems with the kerberos code, it should show up as a
different signature in this PAC.
This involved returning more data from the pac functions, so changed
some callers and split up some functions.
Andrew Bartlett
(This used to be commit d514a7491208afa0533bf9e99601147eb69e08c9)
|
|
this test ;)
(This used to be commit 73ba1a8e3823330c6889d626e8e4fb392ebcab8a)
|
|
(This used to be commit 0ab907af6a4c3d1adbafccdb1bd4150c491bcba4)
|
|
for tconx, instead of the \\server\share
form
(This used to be commit 02a78d06e1018087859c9ec65b792b1ffcfd3981)
|
|
(This used to be commit ee2744160892f28390662f4934dc4135e4378d78)
|
|
(This used to be commit 45e41010da19cafc9d50369c2d311a42e5172eb7)
|
|
(This used to be commit eaf079e33f3e2d933b7310cf076d572b6988cbb4)
|
|
force_password_change datetime.
rafal
(This used to be commit dfa2cc6c4ed8273b1d3ee604954c81c75f0890bd)
|