Age | Commit message (Collapse) | Author | Files | Lines |
|
This ensures they don't leak over LDAP, but does not prevent access,
as ldbsearch locally still bypasses these controls.
Andrew Bartlett
(This used to be commit fa3f3bab33001770a9d7e33875bf212636f6c128)
|
|
Make 'lsar_CreateTrustedDomain' consistant with
lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle
Implement LSA server logic to create the cn=users trust account for
incoming trusts.
Andrew Bartlett
(This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)
|
|
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 80f31c3272b8bc803629c27357033fd325529db1)
|
|
Pinched from b53e6387e30010509034835acf88b91b380ff44a by metze.
Andrew Bartlett
(This used to be commit d55602e23e7947462cb402b20b2d354b96aa7ba3)
|
|
(This used to be commit b52fba5b2c63a24acbfc7e3e989c16b691d98162)
|
|
(This used to be commit edea162a0e11f03b4b6069388abbca099f097386)
|
|
(This used to be commit 842ab594124198453fc88f46ab83b712a7d34dc1)
|
|
(this does not change the file server role, and only really changes
what 'server signing = auto' means)
Optional signing really isn't any benifit to network security.
In doing so, allow anonymous clients (if permitted by policy) to log
in without signing, as Samba3 does not sign these connections (which
would use an all-zero key, so pointless).
Andrew Bartlett
(This used to be commit 468bf839c500ed1a26ab9a358ee64a4c0a695797)
|
|
Andrew Bartlett
(This used to be commit a89f9818180e8fb868975c444c4d0e5aaa8d4e79)
|
|
We still don't get the format inside the encrypted blob correct
however.
Andrew Bartlett
(This used to be commit 99a3abda09716c064b3e9a37c4a79a8f62444eca)
|
|
(This used to be commit b599b83a13db90b50a5422ff73daa63648b1e8cd)
|
|
(This used to be commit e8ba65c4db986fcedf7008d05d8f8846f78a98f1)
|
|
(This used to be commit 1897cef508c8bea817c510bd9023d794cb983864)
|
|
(This used to be commit d5c61f470d7aa6dd0e5a22e8718d53a69cbbc239)
|
|
(This used to be commit 3862f3132549332e0a44fad65d7c49a27e1dbd4a)
|
|
(This used to be commit 9590805bcbdd1924eda5a69978ffac7ec7603451)
|
|
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
|
|
(This used to be commit cc1df3c002e6af25add3c8ae20e7efc2ab6f2fa8)
|
|
(This used to be commit 50502b3b8faf89cf5ad396102f4fe80eaa213908)
|
|
Andrew Bartlett
(This used to be commit 91ae8dca254aa8c032daf0c87fa2a47760d32586)
|
|
(This used to be commit e5520706c88911c66b3ce5817e371900212ca083)
|
|
Also check we get the defaults correct with a query in the torture
suite.
Andrew Bartlett
(This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
|
|
(This used to be commit 8741e8fee619cccd84f2f10e00426df1d4f34074)
|
|
This test now passes against Win2k3, and a implementation in the
Samba4 server should follow shortly.
Andrew Bartlett
(This used to be commit c6b8ba893dd3ed90bca32c0ae89fd33be729c238)
|
|
This would seem to match the documentation requirements for the PAC
verfication over NETLOGON, but I can't get Win2k3 to accept it so far.
Andrew Bartlett
(This used to be commit acfa87f3411a61bdd9066fbbba2bcfbe2a60cbbe)
|
|
This uses Heimdal's PAC parsing code in the:
- LOCAL-PAC test
- gensec_gssapi server
- KDC (where is was already used, the support code refactored from here)
In addition, the service and KDC checksums are recorded in the struct
auth_serversupplied_info, allowing them to be extracted for validation
across NETLOGON.
Andrew Bartlett
(This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
|
|
(This used to be commit 9db5a966fce0b71a0d2167b4aff70cc081abc1cc)
|
|
This file allows the remote_pac.c code to call into netlogon.c's setup
credentials code.
Andrew Bartlett
(This used to be commit 0343987cf18c1287d98ae542d397ab1fab0a04b7)
|
|
However, I have still not figured out this protocol yet, and the docs
are rather unclear... :-(
Andrew Bartlett
(This used to be commit d878643071a1477435a267e2944461d367cdfa79)
|
|
This will allow a torture suite to inspect some otherwise internal
details.
Andrew Bartlett
(This used to be commit 9701149ef75f9771f42000e2b6f44963abfee938)
|
|
(This used to be commit 32143287c7eb452c6ed9ccd15e8cd4e5a907b437)
|
|
(This used to be commit f6e227b72bb56d12cb270d76f7f458136c4ca160)
|
|
metze
(This used to be commit 0c4227e45d6b8e31a0219358042318e9d2a0b36d)
|
|
metze
(This used to be commit f454342d48e1dce7dff0bcff246c7237bed94fd5)
|
|
This is based on f56a3b1846c7d462542f2e9527f4d0ed8a34748d in my heimdal-wip repo.
metze
(This used to be commit 467a1f2163a63cdf1a4c83a69473db50e8794f53)
|
|
metze
(This used to be commit dbfbd1b018f7c29dde2e291cbb7bb54bf147a10e)
|
|
Now it's possible to just use a plain heimdal tree in source/heimdal/
without any pregenerated files.
metze
(This used to be commit da333ca7113f78eeacab4f93b401f075114c7d88)
|
|
metze
(This used to be commit f4cfba26aebb18fecdb50478bec9c07d4910ab3b)
|
|
metze
(This used to be commit 3ab59dc66fe2d40533a66ff786d0b2373eea1ab8)
|
|
metze
(This used to be commit 8d6d96898dcc948aa0ee004eaeb48dc847946361)
|
|
metze
(This used to be commit 94cef56212d7d7c1150aea760dba24bda7190442)
|
|
metze
(This used to be commit d3e939bf75fb85cf0eb3551856e161e3e58c0031)
|
|
metze
(This used to be commit 848067033c40c3a4681f196ac5da289cd488d962)
|
|
metze
(This used to be commit 95135ade447e04329afa7581c66c4df8de63ca24)
|
|
This remove a difference against lorikeet-heimdal.
metze
(This used to be commit 4314df3561dfe60228db0af220549300b0137c85)
|
|
metze
(This used to be commit 1c7bb21bd85900206e9ad831bc4795c1f765a9aa)
|
|
metze
(This used to be commit 65057f17b0d9e83f1b775afdeb7ea91ce0e52cd1)
|
|
This reverts commit 86848dd0f217774faed81af8fbf68618013e20a1.
This should come back via a merge from heimdal's trunk later.
metze
(This used to be commit 585e5360e2d9f722e80850eb86c3d4253530e8ba)
|
|
This reverts commit 6a8b07c39558f240b89e833ecba15d8b9fc020e8.
This isn't strictly needed and will come back in the next merge
from heimdal's trunk.
metze
(This used to be commit 8ed040c8c4bed082ab74ab267090b35bb57db3f3)
|
|
metze
(This used to be commit 66d8da17a4c3543e133452f9a87702a2a8fb609c)
|