summaryrefslogtreecommitdiff
path: root/source4
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r10174: This patch implements generic PAC verification, without assumptionsAndrew Bartlett1-23/+98
about the size of the signature. In particular, this works with AES, which was previously broken Samba4/Samba4. Reviewed by metze (and thanks for help with the previous IDL commit). (This used to be commit 3c8be196cce3bf275a0bf8d0cf127df570b560d3)
2007-10-10r10173: Document new optionJelmer Vernooij1-4/+13
(This used to be commit efa6e3938df2f185fc7a303094a0b091422a7398)
2007-10-10r10172: Add --dump-ndr-tree argumentJelmer Vernooij1-25/+26
(This used to be commit 8eb69b3a6e4e912af8a7c14a348f65b3d2512b42)
2007-10-10r10171: This seems to work for encoding/decoding a PAC at the buffers onlyAndrew Bartlett1-0/+21
level (required for signature verification). Andrew Bartlett (This used to be commit 76c224f28885759daae45e02a7637f2451dc84d3)
2007-10-10r10167: add a test to check if we always get the same assoc_ctx, on one ↵Stefan Metzmacher1-2/+47
connection. metze (This used to be commit 589541b7402506422e8a85a857ea48910b24f2d6)
2007-10-10r10164: - add first assoc_ctx testStefan Metzmacher1-2/+80
- handle the case where we're no valid pull partner of the tested server metze (This used to be commit d2e62dc205dd450ce57b9566c29e82878eb8471b)
2007-10-10r10161: Check for alloca.h to prevent incorrect local declaration.James Peach1-1/+1
(This used to be commit efc70d267285a94bcadd690ae4392d278cdeea94)
2007-10-10r10159: Dereference padsize before comparing to an int.James Peach1-1/+1
(This used to be commit 5767c05909c9927b3a806614b1f1bd2f90a35dd3)
2007-10-10r10157: Remove the last traces of heimdal/include.James Peach2-3/+3
(This used to be commit 651249010725196702a8a2ed0cba65039aa2f08d)
2007-10-10r10155: Add more notes on required gsskrb5 functions.Andrew Bartlett1-2/+7
Andrew Bartlett (This used to be commit cdfcc093430c0a4ae2937dcbf29b8874e724ff29)
2007-10-10r10153: This patch adds a new parameter to gensec_sig_size(), the size of theAndrew Bartlett14-48/+224
data to be signed/sealed. We can use this to split the data from the signature portion of the resultant wrapped packet. This required merging the gsskrb5_wrap_size patch from lorikeet-heimdal, and fixes AES encrption issues on DCE/RPC (we no longer use a static 45 byte value). This fixes one of the krb5 issues in my list. Andrew Bartlett (This used to be commit e4f2afc34362953f56a026b66ae1aea81e9db104)
2007-10-10r10149: Update Samba4 to current lorikeet-heimdal.Andrew Bartlett2-32/+47
Andrew Bartlett (This used to be commit b9695d5e7cc052a952d8d60bc1ab08e00f4827e8)
2007-10-10r10148: Use samdb_base_dn() to find the local domain.Andrew Bartlett1-2/+2
Andrew Bartlett (This used to be commit 4969f86ac29aa1c4371a5cd01551f45c7fdb4cb2)
2007-10-10r10146: Clarify which test is failing in error messages.Andrew Bartlett1-25/+29
Don't dump the pac to x.dat (accidental commit). Andrew Bartlett (This used to be commit a798d76a4ad6c0cb280d4e03e9819702acb16f55)
2007-10-10r10145: Allow a variable length signature, so we can support signing withAndrew Bartlett2-18/+8
other than arcfour-hmac-md5. Currently we still fail to verify other signatures however. Andrew Bartlett (This used to be commit 2e5884fc2472c6bcc7e6e083c28a4da6b2f72af1)
2007-10-10r10144: dump the whole data blobStefan Metzmacher1-1/+1
metze (This used to be commit 4f933165c22113adecf5f1b57927aa89f1715945)
2007-10-10r10143: don't exit when the not all bytes are consumed,Stefan Metzmacher1-4/+2
(this happens with relative pointers) metze (This used to be commit 3ba227aafd75b88c26c6a3fde8d55aeb360e344f)
2007-10-10r10141: if some of the LIBNDR_ALIGN_* flags and LIBNDR_FLAG_REMAINING are set,Stefan Metzmacher1-0/+6
ndr_pull_data_blob() doesn't work correct. so make them exclute each other. jelmer, tridge: does that look correct? it fixes a problem, abartlet had with krb5pac.idl, where the align flags are inherited from the parent, and we want to get the [flag(NDR_REMAINING)] DATA_BLOB signature; metze (This used to be commit b9ea3e8f9f85098b63081bf12e2be65687921874)
2007-10-10r10140: reorder some stuff, for nicer outputStefan Metzmacher1-4/+8
metze (This used to be commit 517d0ded6b4dc7aabe48581fee5878637bc2a674)
2007-10-10r10138: Fix the mapping table (as tested in smbtorture). EXEC_ACCESSJeremy Allison1-1/+1
should map to SEC_RIGHTS_FILE_READ, not READ|WRITE. Jeremy. (This used to be commit 26f63973e6207e3b5c3123f1326027ceac38966f)
2007-10-10r10132: Confirm that openX with OPEN_EXEC implies read only.Jeremy Allison1-0/+26
Jeremy. (This used to be commit da70b2ab2df6d8239811b12b471c578cbff6dca8)
2007-10-10r10129: fix sinple ip's in wins replication, packetsStefan Metzmacher2-5/+4
metze (This used to be commit 7492afa48db68ee29048f8e1a56ccff712a3d162)
2007-10-10r10126: WREPL_REPL_UPDATE also takes a wrepl_tableStefan Metzmacher1-1/+1
metze (This used to be commit b897ad39bb063ee9ca963bd9848837307739f792)
2007-10-10r10123: Add more warnings. Support quotes in conformance command argumentsJelmer Vernooij3-26/+60
(This used to be commit e6842fcc9809bcf8de678199a6f28fbbde6c0b83)
2007-10-10r10116: Print out a couple more warnings.Jelmer Vernooij2-4/+57
(This used to be commit 0628dfa5c3c74614a86b4f61b8d1555ef41c41bb)
2007-10-10r10115: bind client connection to the best interface, to the partnerStefan Metzmacher1-1/+1
metze (This used to be commit e44aca0a8eb41abbaa494d379dd61713dc57c4f3)
2007-10-10r10113: rename libcli/wins to libcli/wreplStefan Metzmacher4-3/+3
metze (This used to be commit d8b84112bb40605b07a77ab5f7a44ac1807ccc59)
2007-10-10r10112: - check attributes depending on the section typeStefan Metzmacher1-24/+74
metze (This used to be commit d6af241d7b1459d81479205356c7422c4dcca0fb)
2007-10-10r10111: Make pidl by default assume the input file is an IDL file ratherJelmer Vernooij4-35/+40
then a .pidl file. (This used to be commit d8a31d3048a6421a3d49d3c121bc86d748838b3a)
2007-10-10r10110: Add some more warnings, implement FIELD_DESCRIPTIONJelmer Vernooij3-23/+93
(This used to be commit 1caeb3238dac6321bde8e254a8efaf090b4d56b0)
2007-10-10r10104: Fix code before declaration.Tim Potter1-1/+1
(This used to be commit 05c020181560afd4e6957be29795536e2d83d71e)
2007-10-10r10103: Put an #ifdef guard around ENOTSUP to fix systems that don't have itTim Potter1-0/+2
(OpenBSD 3.7). (This used to be commit cc24af6545b19ad7710c43399c396e1807f80eeb)
2007-10-10r10100: Check for more networking headers so the resolv.h test can succeed.James Peach1-1/+4
(This used to be commit db75b2da1ef9d8e926610d918953697dd346fe3b)
2007-10-10r10097: Remove extraneous include patch heimdal/include. Add configureJames Peach2-1/+4
checks for getipnodeby*(). (This used to be commit 623c265312bdbf7a485f2b9a46fc79d2e53edb54)
2007-10-10r10094: Support quoted arguments in conformance filesJelmer Vernooij2-32/+58
Update pidl manpage (This used to be commit a69e88e7b19b8f05222b54aea88395b51b96c003)
2007-10-10r10093: Fix the HF_FIELD conformance file commandJelmer Vernooij6-19/+21
(This used to be commit 0c0a4b55cff4079276073060dae91ff0c19af42f)
2007-10-10r10091: Fix perl warningsJelmer Vernooij2-0/+3
(This used to be commit 045bce900ea0b864bf3ac2fe8c197d42c6d38a91)
2007-10-10r10089: Fix a typo breaking the Makefile generator and therefore - the build.Rafal Szczesniak1-1/+1
rafal (This used to be commit d6936185d5e4a85b188d5117d7a3b3d6bea2f96b)
2007-10-10r10085: decode level 5 and 9 tooStefan Metzmacher1-1/+5
(this is taken from the ethereal dissector) metze (This used to be commit c50f5fe33b0025edbf473d7c166dea9655e2d42f)
2007-10-10r10081: - create a seperate WINSDB subsystemStefan Metzmacher3-5/+14
- use LIBCLI_WREPL for the winsreplication client code - fix some dependencies metze (This used to be commit 7dd931ee5ac1408da8d14d00f43d19473e06871e)
2007-10-10r10078: - add a 'struct data_blob_list_item'Stefan Metzmacher7-71/+71
- use this for the send_queue's of the different stream_servers to not redefine the same struct so often, and it maybe will be used in other places too metze (This used to be commit b6694f067ab7aff0ee303dbfe8a6e7fad801e7e9)
2007-10-10r10077: - move gcc option checks to check_cc.m4Stefan Metzmacher2-29/+44
- only use -g if supported - don't allow AC_PROG_C and friends to autoset the CFLAGS (we don't want -g -02 by default..., maybe a configure option for -OX could be useful...) metze (This used to be commit f3e0bf022f6a1d5de0d21eb7be3ec97f526fe631)
2007-10-10r10076: this macro was moved to build/m4/smb_cc_featues.m4Stefan Metzmacher1-18/+0
metze (This used to be commit cd444bd6f0743cd5ba1d2b137c2411d3088ff6f0)
2007-10-10r10075: fix warning with autoconf 2.59 on SuSE 9.3Stefan Metzmacher1-2/+2
(don't use m4_regexp: use regexp or m4_bregexp) metze (This used to be commit 89149c06c9319a9ab1e1b411af3e931afa8035aa)
2007-10-10r10074: Pass CPP to pidl via environment variables rather then config.pm. ↵Jelmer Vernooij3-5/+3
This fixes the standalone pidl build (as used for ethereal) (This used to be commit 9c9ebd2214423c58357854f09bd744e13e807d8f)
2007-10-10r10072: Fix mismerge weridness in error handling.Andrew Bartlett1-7/+12
Andrew Bartlett (This used to be commit c17926b6fe278fd757862885f82fd342b755167c)
2007-10-10r10071: Configure checks for IRIX build environment. Test whether we canJames Peach9-18/+249
use the MIPSPro 7.4 -c99 option to get C99 support. Try to find a common perl that is more modern than /usr/bin/perl. (This used to be commit 82fab8b747bf68d8548c6f0f2f4bff98bd428d22)
2007-10-10r10066: This is the second in my patches to work on Samba4's kerberos support,Andrew Bartlett17-761/+961
with an aim to make the code simpiler and more correct. Gone is the old (since the very early Samba 3.0 krb5 days) 'iterate over all keytypes)' code in gensec_krb5, we now follow the approach used in gensec_gssapi, and use a keytab. I have also done a lot of work in the GSSAPI code, to try and reduce the diff between us and upstream heimdal. It was becoming hard to track patches in this code, and I also want this patch (the DCE_STYLE support) to be in a 'manageable' state for when lha considers it for merging. (metze assures me it still has memory leak problems, but I've started to address some of that). This patch also includes a simple update of other code to current heimdal, as well as changes we need for better PAC verification. On the PAC side of things we now match windows member servers by checking the name and authtime on an incoming PAC. Not generating these right was the cause of the PAC pain, and so now both the main code and torture test validate this behaviour. One thing doesn't work with this patch: - the sealing of RPC pipes with kerberos, Samba -> Samba seems broken. I'm pretty sure this is related to AES, and the need to break apart the gss_wrap interface. Andrew Bartlett (This used to be commit a3aba57c00a9c5318f4706db55d03f64e8bea60c)
2007-10-10r10052: Add 'print' commandJelmer Vernooij1-0/+22
(This used to be commit d99c9e2817fbbe2a0a34910672c8473889bc6176)
2007-10-10r10048: Dissect a security_secinfo as a uint32 just to get the winregTim Potter1-0/+1
dissector compiling and linking. It's really an enum defined in security.idl. (This used to be commit b62811afcb85accf9ea0cf12f4b659cd9898e275)