Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit b3f01ef0df2579decbbb67586157d089f528dd13)
|
|
(This used to be commit fcf60823c6171ec109195cb8d61de5b0e02fd005)
|
|
call ndr_print for each call
metze
(This used to be commit 0a07e4ef8d869d35ceb0761495e367077f2361ba)
|
|
file_load() to use talloc, which impacted quite a few bits of code,
including our smb.conf processing.
took the opportunity to remove the gloabls in params.c while doing this
(This used to be commit b220756cb4f1d201ba3e771ca67e4bfae5eae748)
|
|
now push/pull a sample PAC, and still have the same byte buffer.
(Metze set up the string code, and probably already has a similar
patch).
Unfortunetly win2k3 still doesn't like what we provide, but every step helps.
Also use data_blob_const() when we are just wrapping data for API
reasons.
Andrew Bartlett
(This used to be commit e7c8076fc1459ff2ccefdaf0b091d04ee6137957)
|
|
(I have included the krbtgt key from my test network).
It turns out the krbtgt signature is over the 16 (or whatever,
enc-type dependent) bytes of the signature, not the entire structure.
Also do not even try to use Kerberos or GSSAPI on an IP address, it
will only fail.
Andrew Bartlett
(This used to be commit 3b9558e82fdebb58f240d43f6a594d676eb04daf)
|
|
metze
(This used to be commit 5933b00461e6e7c7f0ab60d61f9be215aa68c317)
|
|
metze
(This used to be commit e601042c07d7b6eed0dc34e5b136d9266b8a0f81)
|
|
first
write. Test that.
Volker
(This used to be commit 2ad02d5e09ca00ca998e363b535b16af45c82a5f)
|
|
also name the struct like the nt_version number
metze
(This used to be commit 1e3af5cc1f68b7fa54b8ba77ed9836a619a69436)
|
|
Creating a file in a directory with delete-on-close set returns
DELETE_PENDING, and trying to set the flag on a non-empty directory returns
DIRECTORY_NOT_EMPTY.
Volker
(This used to be commit 5680f34778b2f5291936f4d4fb937a7713696c52)
|
|
Volker
(This used to be commit 47a9df946d5ff967289fba0ff4209711ead11e31)
|
|
connection(!) and
resetting it on another resets it for both.
Volker
(This used to be commit 30bd7e36669dbb2fd7d85a1cd72927370267d616)
|
|
The share mode db is actually checked on qpathinfo even before the
delete-on-close is executed.
Volker
(This used to be commit 124f3b74ca2ece9ba73737c3ccb75e1730973f19)
|
|
A delete-on-close deleted file is still around while open on another fd. But
only for findfirst, not for qpathinfo :-)
Volker
(This used to be commit dbc7a1a978d782c73f593f4b46f2a81d35169713)
|
|
Jeremy.
(This used to be commit ff58ecad044dc7a3cdb4c010ea5cc1ea5e2e4b3b)
|
|
actually a uint16 * without the [string] attribute, a la the the
system_name argument to samr_Connect().
Initialising the pointer to NULL is sufficient and we still pass the
RPC-WINREG test against win2k3.
(This used to be commit 407d962dacf7c833b36cb739e48fe97226968a34)
|
|
length too,
it's always 16 bytes smaller than the size in the PAC_BUFFER
we now dump the blob's on LOCAL-PAC with -d 10
metze
(This used to be commit 4ef721ce53539ac56ca8ac4d601f512149ca7283)
|
|
- check if the buffer length of the original and created buffer are equal
metze
(This used to be commit 84ff2d87e28df3e2b3c1495a9ea48f40221b96ae)
|
|
memory checks
- move to handmodified pull/push code for PAC_BUFFER
to get the _ndr_size field and the subcontext size right
- after looking closely to the sample w2k3 PAC in our torture test (and some more in my archive)
I found out that the first uint32 before the netr_SamInfo3 was also a pointer,
(and we passed a NULL pointer there before, so I think that was the reason why the windows clients doesn't want our PAC)
w2k3 uses this for unique pointers:
ptr = ndr->ptr_count * 4;
ptr |= 0x00020000;
ndr->ptr_count;
- do one more pull/push round with the sample PAC
metze
(This used to be commit 0eee17941595e9842a264bf89ac73ca66cea7ed5)
|
|
(This used to be commit acd9fad3a4c578e20cd4bdb79a000a7ff70f680c)
|
|
(This used to be commit b71fbcf5e2c627d918aef555b8cc8dd4591d8fe7)
|
|
NT_STATUS_INVALID_HANDLE on a per call basis for a bad vuid. That
means it is doing checking for a valid vuid in each backend function,
rather than globally. I don't want to emulate that as it is way too
error prone, and could easily lead to a security hole, so instead
accept either error code in our test suite.
(This used to be commit aefa9e53fa97551c1b15bdd50565881e63aea9a8)
|
|
(This used to be commit 0f76449a08955cfe50178b6accfd631d7cf42da3)
|
|
The biggest change was fixing the RAW-CONTEXT test. It was forcing
capabilities to zero in an attempt to not negotiated extended
security, but as a side effect it was forcing negotiation of dos error
codes. This confused the hell out of the test code!
Also fixed a bunch of places incorrectly using NT_STATUS_V() instead
of NT_STATUS_EQUAL() and several places that had the wrong dos status
codes
(This used to be commit 0b22744f40804a0d6dc94bfc40ec09306f584f7e)
|
|
Heimdal' case.
Andrew Bartlett
(This used to be commit b7c3c2f67188d8c8478d93e6890a81fa7d468061)
|
|
much closer.
This changes PIDL to allow a subcontext to have a pad8 flag, saying to
pad behind to an 8 byte boundary. This is the only way I can explain
the 4 trainling zeros in the signature struct.
Far more importantly, the PAC code is now under self-test, both in
creating/parsing our own PAC, but also a PAC from my win2k3 server.
This required changing auth_anonymous, because I wanted to reuse the
anonymous 'server_info' generation code.
I'm still having trouble with PIDL, particulary as surrounds value(),
but I'll follow up on the list.
Andrew Bartlett
(This used to be commit 50a54bf4e9bf04d2a8e0aebb3482a2ff655c8bbb)
|
|
that relied on the mapping need to be fixed. The first thing is to get
all the torture tests working against w2k3 again with nt status codes
enabled. The 2nd step will be to make them pass with nt status
disabled.
This starts on the first task, fixing the assumption that
NT_STATUS_INVALID_LOCK_SEQUENCE is a valid substitute for
ERRDOS:ERRbadaccess
(This used to be commit 87cdd117081193d215c5a9e3603438e058ad777b)
|
|
codes, controlled
with 'nt status support' option.
- make nt_errstr() display nice strings for dos status codes encoded
using NT_STATUS_DOS()
- no longer map between dos and nt status codes in the client library,
instead return using NT_STATUS_DOS()
- fixed the RAW-CONTEXT test to look for
NT_STATUS_DOS(ERRSRV, ERRbaduid) instead of NT_STATUS_INVALID_HANDLE
(This used to be commit ff5549e87ffae9f062394f30d8fd1ae95b614735)
|
|
(This used to be commit 23bff7bf6cf437e78db50b09f69fd1fbdf6aab35)
|
|
rafal
(This used to be commit cca6d792945477b86b2dd91f3c90152b69ee2a15)
|
|
rafal
(This used to be commit 0209fc67adae9d2003f06c826557306c2141a6a8)
|
|
rafal
(This used to be commit 1815a6af06aa791bfecb4aee8742701975d35318)
|
|
rafal
(This used to be commit e7870156dacb2e0346e24f8490bfd90e8b21ea96)
|
|
(This used to be commit 214e51b3c8021dfe31ad951603bae64fa281b0f8)
|
|
metze
(This used to be commit 47781fccbc9a4fc3867e4c3959a17765c7e4dc71)
|
|
regularly
(This used to be commit dac526845ea89ba732300105b3f82210b0828102)
|
|
- the out subcontext's need to have a fixed size of r->in.offered,
to make windows clients happy
metze
(This used to be commit 054e1ca434b2f81de199eeb41cb6233524fc5779)
|
|
- test AddForm on the PrintServer object
- GetForm() isn't allowed on the PrintServer object so remove NTPTR
function for it
- accept the dns name as servername in the spoolss server
metze
(This used to be commit d8c308a4653d59514915021607fe55c5f2b38749)
|
|
(This used to be commit 426c4d08ac9191c02dcd604a21ea390b7d255a41)
|
|
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.
This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.
In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.
Also in this commit:
The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.
To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.
Andrew Bartlett
(This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
|
|
Not part of the "all" make target yet, as it requires xsltproc
(This used to be commit fd3f4636438cf1d9c0dd802064033271b9e4d935)
|
|
(This used to be commit aa9e7cf63a0e5ce7c9b7d121a4df064cd6fae90f)
|
|
(This used to be commit 470ad9a93fcbf961d7d89fd96f751ded39660f74)
|
|
(This used to be commit fe7055df94ecc81d6758ee7ff82534451d620d6a)
|
|
(This used to be commit 616f54015ff8c7b25fa500cb03d025a9950ed6cf)
|
|
(This used to be commit 8d43eb5b9790a6b24c792919386cac5c0b8ea7ac)
|
|
don't like to bother with netbios type names when looking for common
types: hosts (servers) and domain controllers. Also, apropriate tests
rafal
(This used to be commit 50cd94be0f876a3463aa58b7e0898e6b3340c4c2)
|
|
Session Setup code.
Add a mem_ctx argument to a few of the NTLMv2 support functions, and
add smb.conf options to control client NTLMv2 behaviour.
Andrew Bartlett
(This used to be commit 3f35cdb218a3dae08a05e77452ca9f73716ceb28)
|
|
rafal
(This used to be commit ec29a1ffa7aec6f1822a92a8c62f5a0de51ec2ae)
|