Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit 307aabe0257559a9211f4f627cb38150a24dc40f)
|
|
of supplementalCredentials
metze
(This used to be commit b708d0729e03a78868f18fd37c9a01d7c75c900e)
|
|
this is handles the content of the 'Packages' element in the supplementalCredetials
metze
(This used to be commit 07fe22f82ebe66464ef73274a109d1e21a0d7f0f)
|
|
metze
(This used to be commit 925f1f40cf8318d0a72fe3da958db52ccbf14b39)
|
|
(This used to be commit a620dc359476de9440f3b84dc8b45f569d103270)
|
|
metze
(This used to be commit 97fc985bd062b6ad5a58dd6ce883a637043283a1)
|
|
- fix parsing of Primary:Kerberos blob
metze
(This used to be commit c6fa95ef2263774901c8871396b4eec5b7409c5e)
|
|
uint16 size;
[relative,subcontext(0),subcontext_size(size),flag(STR_NOTERM|NDR_REMAINING)] string *string;
as
uint16 size;
[relative,charset(UTF16)] uint8 *string[size];
isn't supported by pidl yet...
metze
(This used to be commit 9fcfa658430f04658c692eb26db9280fda6e4e25)
|
|
which contrusts the keys...
later we need to get the key version number from the
"replPropertyMetaData" attribute entry to the (I assume)
the "unicodePwd" attribute.
msDs-KeyVersionNumber is a constructed attribute,
and is "1" when no "supplementalCredentials" is present.
we need to make some tests with a password change function
which don't give a cleartext to the server...
metze
(This used to be commit 9e4324221764c1413be34d5b14915a86740acc04)
|
|
metze
(This used to be commit 03b06398a405e491ce4e2bc91513a57e0d59466f)
|
|
Samba3's IDL.
(This used to be commit 15a4b81ba0b5eeb25126a0b1a7bea7d3bf921ab2)
|
|
(This used to be commit a45a677084ba1bc63a8f74892c12ca6f0d9b5071)
|
|
(This used to be commit 3ef8a6834df63a0bfa68996daea6432e98243d40)
|
|
inside the supplementalCredentials attribute
w2k uses keys1 and keys2 where both seem identical
w2k3 only uses keys1 and num_keys2 = 0
the Salt is only stored once for all keys
the following keys are stored:
ENTYPE_DES_CBC_MD5 = 3
ENTYPE_DES_CBC_CRC = 1
metze
(This used to be commit 03d7d05e4fa607271f84878bc238e7cf0560bc67)
|
|
(This used to be commit b29170c8eaafa3a573b0e26efecd6cacd68250b6)
|
|
(This used to be commit f3680ba118d4de4c535ceabda69e3b9f00424cd6)
|
|
(This used to be commit 2e2b15e3d258b66c3a150b97748ff6b4eed69a9a)
|
|
(This used to be commit 88fa90778a0e1f5efca08e5e6ba1b165399de30c)
|
|
(This used to be commit bfc2a1c50596ac3aee871de63fdd99362a65d7d8)
|
|
(This used to be commit 83a47e30b59f5289cdcb68ba54aa236795bc42b2)
|
|
they test is broken at the moment.
(This used to be commit 8f039a25cd75e4acdaec0afce3cc159b0abe99ec)
|
|
for the keytype field...
metze
(This used to be commit e96aa8980097712d7666a85f17c7214486d99618)
|
|
when no krb5key attribute is present or it doesn't contain the KEYTYPE_ARCFOUR
key.
metze
(This used to be commit b4af29da700a71fe021c5f31cad31a494d884e07)
|
|
"ntPwdHash" => "unicodePwd"
"lmPwdHash" => "dBCSPwd"
"sambaLMPwdHistory" => "lmPwdHistory"
"sambaNTPwdHistory" => "ntPwdHistory"
Note: you need to reprovision after this change!
metze
(This used to be commit dc4242c09c0402cbfdba912f82892df3153456ad)
|
|
- don't overwrite the passwords with 'test' as we now understand the windows
format for the password hashes
metze
(This used to be commit 252a4d67020da19de44893349bd476ec88d5b746)
|
|
We decided to store them plain in our ldb
metze
(This used to be commit ff13b21102641a308bd48a8efa6b94a98f567e15)
|
|
also it's not always under the domain dn
metze
(This used to be commit b8c940f1e2bbd65ed5d2f4279434dd526456ad8b)
|
|
metze
(This used to be commit cdfd4ee8e5202a3df1da2d82b592d8814a3209ba)
|
|
metze
(This used to be commit 545f769c2fb29323f2fa06e076af894c0be678d0)
|
|
We were returning just true/false and discarding error number and string.
This checking probably breaks swat, will fix it in next round as swat
is what made me look into this as I had no way to get back error messages
to show to the users.
Simo.
(This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261)
|
|
pidl bug,
so there are still two tests commented out.
(This used to be commit b7f6ec5c1cf6f782991b0f4f05283d6da2c2dfe8)
|
|
(This used to be commit 4d52b429261de6712e25d9db9d3be597ff1d74b8)
|
|
general. Since
we're running the testsuite mainly against ourselves, we only check that the
push/pull functions work in our own environment, not whether they generate/parse
the same data that other systems do.
This commit adds the infrastructure for a testsuite for just the marshalling
code. The idea is that you provide a data blob, a function name and a function
to check the resulting struct for correctness.
(This used to be commit 9bd2421e44dcfcaf08ad61cf25bb7714cf885517)
|
|
(This used to be commit e8cdfd0a61354b7a5da43c27e9af4695cfa168d6)
|
|
not everything has a meaning yet, but it's a start and we know how to get
to the password in cleartext
metze
(This used to be commit 65641181f782349f1f0192d1c95254e80e2b3887)
|
|
(This used to be commit 736330d23b1f723d3564043c0670dbd6bee3742f)
|
|
(This used to be commit 2669f2c8ad09505b37f64104eefce6f0b10e9ab5)
|
|
doesn't
fix the winreg code yet (as that's an array on top of a pointer), but at least
it gets us closer.
Also added a couple of tests for the Samba 3 client code.
(This used to be commit 4a5b62ad622d7be08591e19bc2e89f665fff445a)
|
|
metze
(This used to be commit 66c8499e5f2f139995be8cb5770d238f383059d6)
|
|
in files for inspection with ndrdump
metze
(This used to be commit 54748ef5860ee59b5f84855965c84aa8787fb4b6)
|
|
and print out the first mismatch
metze
(This used to be commit 6ac574660a0656341d7a311738d20b328f31ff78)
|
|
make --validate, --dump-data work again
metze
(This used to be commit 654acc67344c097106b2f9859b5cbd973d95340f)
|
|
by metze.
(This used to be commit 8212a3b8e0d3d59264f659c3f657b165ececefeb)
|
|
metze
(This used to be commit 2b7d7487510898dffc900bfcec88ed57c709858c)
|
|
metze
(This used to be commit 0f1eb00b418eabef5881f94d8df2b4d61f1dc1ef)
|
|
the package specific data is present as hex string,
we'll need to add parsers for each package later.
metze
(This used to be commit 6a725ae2610ba3d8f95782f90745593d436a4786)
|
|
it doesn't work yet but it's a start
metze
(This used to be commit 0417e12c84836c02e26f09c598ae5f2a7d5427b6)
|
|
and isn't an error.
metze
(This used to be commit 6f5e084a7b9a80a3f86799f7e86a63aa0334fa2a)
|
|
we got a 2nd answer to a broadcast message and have already remove
the packet id from out list while getting the first response
metze
(This used to be commit 8c26e04900da02bdf440f1d48b512e2550e89c34)
|
|
(&(dn=%s)(&(objectClass=kerberosSecret)(privateKeytab=*))) again
we can use such a filter:-)
we should only update the keytab for records matching this filter,
that means we need to do a search before calling cli_credentials_set_secrets()
metze
(This used to be commit 23adca4e3426360fe0685548ae2b808578f6ba75)
|