Age | Commit message (Collapse) | Author | Files | Lines |
|
- Use templates for Secrets and the new trusted domains
- Auto-add modifiedTime, createdTime and objectGUID to records in the
samdb layer.
Andrew Bartlett
(This used to be commit 271c8faadfe2d9e0f3d523a1cdc831f5f9e35d19)
|
|
(The behaviour is a little odd, but we wanted bug-for-bug, right? :-)
Andrew Bartlett
(This used to be commit 6a09a84320c9ab18568a66efb3839a8dcde834af)
|
|
the backend should check for
(dce_call->state_flags & DCESRV_CALL_STATE_FLAG_MAY_ASYNC)
then it's allowed to reply async
then the backend should mark that call as async with
dce_call->state_flags |= DCESRV_CALL_STATE_FLAG_ASYNC;
later it has to manualy set r->out.result
and then send the reply by calling
status = dcesrv_reply(p->dce_call);
NOTE: that ncacn_np doesn't support async replies yet
- implement an async version of echo_TestSleep
- reenable the echo_TestSleep torture test
(this need to be more strict when we have support for async ncacn_np)
metze
(This used to be commit f0a0dbeb25b034b1333078ca085999359f5f6209)
|
|
metze
(This used to be commit b020dbec89a85619ae3ee12f4dd0e3828d30ba04)
|
|
This uses LDB (a local secrets.ldb and the global samdb) to fill out
the secrets from an LSA perspective.
Some small changes to come, but the bulk of the work is now done.
A re-provision is required after this change.
Andrew Bartlett
(This used to be commit ded33033521a6a1c7ea80758c5c5aeeebb182a51)
|
|
testsuite for all the different flag types. (We really only need to
know if we are getting the session key crypto stuff right, and one
call can tell us that).
Andrew Bartlett
(This used to be commit 8807498f6d3ff248c4d42bf18db45cfe25bd3b2f)
|
|
only the OLD secret value.
Andrew Bartlett
(This used to be commit 5853af89c8dd5c4d6220f395bcc18708398999af)
|
|
This call uses a new IDL type, NTTIME_hyper. This is 8-byte aligned,
as the name suggests.
Expand the QuerySecret LSA calls in RPC-SAMLOGON and RPC-LSA, to
validate the behaviour of times, and of the old secrets.
Thanks to tridge for spotting the use of HYPER!
Andrew Bartlett
(This used to be commit 1fed79cb0f2ae7940639d08ef99576559d4cd06e)
|
|
Andrew Bartlett
(This used to be commit 357d9114f002a607f80985588bbac150fa40d2bc)
|
|
Andrew Bartlett
(This used to be commit a17a8fbf9a843c2c9e10940878b43ad8e1583091)
|
|
token in the client (the final token in the negotiation).
Consequential fixes in the SPNEGO code, which now uses the out.length
as the indicator of 'I need to send something to the other side'.
Merge the NTLM and SPNEGO DCE-RPC authentication routines in the client.
Fix the RPC-MULTIBIND test consequent to this merge.
Andrew Bartlett
(This used to be commit 43e3516fc03008e97ebb4ad1a0cde464303f43c6)
|
|
(This used to be commit ba6caa99a454cb3393c8898f1e5be4a432b820c4)
|
|
it can't be changed (so you have to create a new context_id, not
change the interface bound to an existing one)
(This used to be commit 5f10a8f8d04d627927d9870c87d6e7d8b98d563c)
|
|
More work on the example class implementation
(This used to be commit 1f8f4dd179d5aa0472c676d115dc2fc1749ce32d)
|
|
(This used to be commit b1ff60667038aa1e2d7c6ad2015ba33ac5a90dc6)
|
|
- there is no alter_nak or alter_ack packet, its all done in an
alter_response
- auto-allocated the contex_ids
- tried to fix up the dcom code to work again with
alter_context. Jelmer, please take a look :)
(This used to be commit dd1c54add8884376601f2f8a56c01bfb8add030c)
|
|
just does a simple LSA/DSSETUP combo, which is what w2k does in the
ACL editor rpc calls that triggered this work
(This used to be commit 0129ec947aa1fa5a7104dc3a666af3cb9bd104f1)
|
|
dcerpc_alter_context and multiple context_ids in the dcerpc client
library.
This stage does the following:
- split "struct dcerpc_pipe" into two parts, the main part being "struct dcerpc_connection", which
contains all the parts not dependent on the context, and "struct dcerpc_pipe" which has
the context dependent part. This is similar to the layering in libcli_*() for SMB
- disable the current dcerpc_alter code. I've used a #warning until i
get the 2nd phase finished. I don't know how portable #warning is, but
it won't be long before I add full alter context support anyway, so it won't last long
- cleanup the allocation of dcerpc_pipe structures. The previous code
was quite awkward.
(This used to be commit 4004c69937be7e5dae56f9567ca607f982d395d3)
|
|
replace).
Andrew Bartlett
(This used to be commit ddb54d4ea1610b38e011e2f217ded7b6278d5290)
|
|
(This used to be commit 24ec8c4274241576683f1f6c86c33a2dfa43848c)
|
|
only needs WS privilages anyway.
Andrew Bartlett
(This used to be commit a093c4f98e833198ee59064b2cb9b9b45a188a59)
|
|
Andrew Bartlett
(This used to be commit 96806136ead3d1949516b2cfe7350a4e10681c28)
|
|
request to
kill the domain controller I'm asking. In samba4 torturing the DC is just so
easy, commit the test to randomized ask for DCs for all trusted domains.
Volker
(This used to be commit edb918762e1e46909520f13e28dcf8cedb2919b1)
|
|
not do
dynamic inheritance
(This used to be commit ebe6b002843196bc6d6fadfa646aa3bc8eb27af8)
|
|
- added #if TALLOC_DEPRECATED around the _p functions
- fixes the code that broke from the above
while doing this I fixed quite a number of places that were
incorrectly using the non type-safe talloc functions to use the type
safe ones. Some were even doing multiplies for array allocation, which
is potentially unsafe.
(This used to be commit 6e7754abd0c225527fb38363996a6e241b87b37e)
|
|
Andrew Bartlett
(This used to be commit 7bb00a80ac55252b8c05b33fd576b8606470e9be)
|
|
w2k3 does) or
NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED (as longhorn does) to be an error.
fixed the CreateTrustedDomain test to cope with the "torturedomain" being left over
from a previous aborted run
(This used to be commit 429d79815c260781fae6eed28160d7507e780f34)
|
|
(This used to be commit f893ad9c45d6d06fa1b6f1f949a7834e7bf99ba7)
|
|
win2003. It is a
win2003 bug!
This new test code works against w2k, and against longhorn, but fails
against w2k3. When tested against w2k3 it allows a open with an access
mask that should be denied by the given ACL, after setting up the ACL
using inheritance. Note that only the very specific
SEC_RIGHTS_FILE_ALL mask incorrectly succeeds, so they must have a
special case for that mask. Maybe its an optimisation gone wrong?
I don't know if there are any serious security implications to this,
but it is pretty clearly wrong, and has been fixed in longhorn.
(This used to be commit 4f9fd767dbb5e47f3786f5acda17267d57e839e0)
|
|
Include RPC-SAMLOGON in the list of tests expected to pass
Remove silly extra loops from the RPC-SAMLOGON test, which mostly just
slowed htings down.
Andrew Bartlett
(This used to be commit 518ca9fb695b0f9d480122a74a2159f7f17a3219)
|
|
- disabled the async netlogon tests for now until we better understand async rpc
- added a test_w2k3.sh script that runs rpc tests that a w2k3 DC
should pass. This is useful for regression testing when PIDL changes
are made.
(This used to be commit f7d4d3db489ad79457de70a85ad990159f6e74f8)
|
|
(This used to be commit fa3cecddd8065885dd461000de683eb0143eb481)
|
|
talloc_size() or talloc_array_p() where appropriate.
also fixed a memory leak in pvfs_copy_file() (failed to free a memory
context)
(This used to be commit 89b74b53546e1570b11b3702f40bee58aed8c503)
|
|
talloc(ctx, 0) call.
- cleaned up some talloc usage in various files
I'd like to get to the point that we have no calls to talloc(), at
which point we will rename talloc_p() to talloc(), to encourage
everyone to use the typesafe functions.
(This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
|
|
the next commit is support for typedef bitmap {...}; in pidl
metze
(This used to be commit bd06a85cb747aea29a400050cb9d25a3240ef1cc)
|
|
(This used to be commit f9e0aa1ab1faac039893db241819907c9c4bb510)
|
|
combine the NTLM and LMv2 responses, for maximum compatability from a
client perspective, allowing access to servers that require NTLMv2, as
well as those that don't support it.
Currently, this is unfortunetly not possible against Win2k3 (and Samba
is being coded to match that behaviour at this point).
Andrew Bartlett
(This used to be commit 93b46ebe0f3cccd26b5ddd213553667e612c3701)
|
|
I just need to fix a couple of NTLMv2 issues before we can fully pass,
and put this in test_rpc.sh, as a 'should pass' test.
Andrew Bartlett
(This used to be commit 4b52409e385366d87724bb79f4fad4803e8ecfec)
|
|
(This used to be commit f830adc54ada7f38f964a6ccb5270d2791325dd5)
|
|
(This used to be commit 77e14c28584c5917f22672b304cb0f8e37e883fd)
|
|
to match the style we are using in other pipes
- first fillin local vars and only set the out parameter on success
- for the server code only to the samdb lookup when it's needed
NOTE: the DsRoleGetPrimaryDomainInformation() code with DS_ROLE_MEMBER_SERVER
is not tested yet, does someone has a w2k3 member server to test with?
metze
(This used to be commit e6d1136497f501fe0687bfb34a155db6a9d87bde)
|
|
important
change was in the ldb_msg_add_*() routines, which now use the msg as a context,
and thus it needs to be a talloc ptr)
(This used to be commit 1a4713bfd0e519f3eb7b3241121ff914a6eeef18)
|
|
- added gcov flags to Makefile.talloc
- expanded talloc testsuite to add a test for realloc with a child ptr
- fixed a bug in talloc_realloc() with realloc of a ptr that has child ptrs
(This used to be commit 98b5f73c1ba34d7576c5995069b485c1c5ede324)
|
|
outside the tree, instead defined _SAMBA_BUILD_ inside the Samba
build. This makes it easier to pull code out of Samba for external
use.
(This used to be commit 09e98c8745cca7ccb1ad7134c0c09b8e4c0f4f06)
|
|
(This used to be commit 5448c72ebe58e264ee772f8e1c4caee2250c328c)
|
|
pipe is now complete!
The only glitch is that I am returning DS_ROLE_MEMBER_SERVER when I
should be returning DS_ROLE_PRIMARY_DC. This is needed for the moment
or ACL editing doesn't work from w2k3. Once we have some more ADS
calls we should be able to fix this.
(This used to be commit 6566dc2805a9f6473ebab70b0dbd381c4dbd42c8)
|
|
In developing a GSSAPI plugin for GENSEC, it became clear that the API
needed to change:
- GSSAPI exposes only a wrap() and unwrap() interface, and determines
the location of the signature itself.
- The 'have feature' API did not correctly function in the recursive
SPNEGO environment.
As such, NTLMSSP has been updated to support these methods.
The LDAP client and server have been updated to use the new wrap() and
unwrap() methods, and now pass the LDAP-* tests in our smbtorture.
(Unfortunely I still get valgrind warnings, in the code that was
previously unreachable).
Andrew Bartlett
(This used to be commit 9923c3bc1b5a6e93a5996aadb039bd229e888ac6)
|
|
(This used to be commit dbcaff7c71c9b7ee984a2ed458b6c3ce27772740)
|
|
ds_RolerGetPrimaryDomainInformation()
(This used to be commit 7aec3dac6fd5165cfca5c650aaa29234e278d95d)
|
|
(This used to be commit 382231ca365eccec8024af9420b1ebe41953bdb5)
|