Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
(This used to be commit 39367ef15fabbb52cd2c05be7ca59b25dc4aff71)
|
|
In the future, we might simply randomly generate this, or allow the
admin to specify it seperate to the admin password. However, both are
highly sensitive, as they imply read access to the krbtgt.
Andrew Bartlett
(This used to be commit 57d19ad002c523fb9a09694e6710ab7f588d44ec)
|
|
This avoids passing rootdn passwords or replicated data in cleartext
across the network.
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 67373c143a1d8a9f310fd116dbf81c1dd123b75f)
|
|
(This used to be commit 36f727c4a73ffc8634692b0c5645343cb414de93)
|
|
The DC is now using smb signing, so testing for the old SMB versions
won't work.
Add a new test script to check 'net join' independent of
blackbox.smbclient.
Andrew Bartlett
(This used to be commit 44ff392ffea52e89a3ac096a6d381ae540d3473c)
|
|
trusted-domains
(This used to be commit a057c3ed9df2670e5cad5f1807e280d77eb58cb0)
|
|
(This used to be commit 07cb8db799cc22685af4bb63285fa10115790ce1)
|
|
The MS-ADTS document has quite detailed instrucitons on how these
flags should be processed. This change also causes the correct
sign-wrapping to occour, as these are declared as signed integers.
Andrew Bartlett
(This used to be commit 5c3d237a6d721dc75166bdc5ac0c6e76a4495bf7)
|
|
This ensures they don't leak over LDAP, but does not prevent access,
as ldbsearch locally still bypasses these controls.
Andrew Bartlett
(This used to be commit fa3f3bab33001770a9d7e33875bf212636f6c128)
|
|
Make 'lsar_CreateTrustedDomain' consistant with
lsar_CreateTrustedDomainEx{,2} by renaming handle -> policy_handle
Implement LSA server logic to create the cn=users trust account for
incoming trusts.
Andrew Bartlett
(This used to be commit d87b655e20b7c38756774cec2e5898af38c46786)
|
|
metze
(This used to be commit 1432a96d37e367d9d97d48b69c6f16351a9ad066)
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit fd84c5a08f7e8d6402e5f68eede546eb092d22aa)
|
|
metze
(This used to be commit b36056aac3f55587d2b3e7b66feea8173dbc67f0)
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(This used to be commit ee505df3742dac0af8eec8b9b27d1e1f5ef54ca9)
|
|
(This used to be commit 40b71bbd718f6dee70c0611e527f55c56623dea6)
|
|
metze
(This used to be commit 3f4eb091f0dcc53acbfdc63a8d82a5a0f28954a6)
|
|
This reverts commit 2a4fb661d7e3d601a5eb9ccecb4d4f2b07073097.
(we don't need inflateReset2 anymore)
metze
(This used to be commit ac43081b93966b545928230f7af8654b942432da)
|
|
This reverts commit 0dbbc287f65a51330c5309df5a96b3acd4d044d5.
(we don't need inflateReset2 anymore)
metze
(This used to be commit 426d129dfff1e2d3750884abb68089ff1850e640)
|
|
metze
(This used to be commit 83446e22dd1eda958ef62bbe998da0a47b9ff8ef)
|
|
metze
(This used to be commit dcc57512b030995d9b186c7a6cb3b304d5680867)
|
|
inflateReset2()
Now we can use an unmodified system zlib-1.2.3
metze
(This used to be commit d68e36b485239cbaf99a6dce3f3bf52b4abcd06d)
|
|
Jeremy.
(This used to be commit 840369b5534eee21818b9d3677404b0fc60a0219)
|
|
Signed-of-by: Andrew Bartlett <abartlet@samba.org>
(This used to be commit 80f31c3272b8bc803629c27357033fd325529db1)
|
|
Pinched from b53e6387e30010509034835acf88b91b380ff44a by metze.
Andrew Bartlett
(This used to be commit d55602e23e7947462cb402b20b2d354b96aa7ba3)
|
|
when changing file size using SMBwrite of size zero,
SET_END_OF_FILE, or SET_ALLOCATION_SIZE - no 2 second
delay in these cases.
Jeremy.
(This used to be commit 3aa7523d7750fe30d1e6bb5a75ac42b681b9e493)
|
|
(This used to be commit b52fba5b2c63a24acbfc7e3e989c16b691d98162)
|
|
(This used to be commit edea162a0e11f03b4b6069388abbca099f097386)
|
|
(This used to be commit 842ab594124198453fc88f46ab83b712a7d34dc1)
|
|
(this does not change the file server role, and only really changes
what 'server signing = auto' means)
Optional signing really isn't any benifit to network security.
In doing so, allow anonymous clients (if permitted by policy) to log
in without signing, as Samba3 does not sign these connections (which
would use an all-zero key, so pointless).
Andrew Bartlett
(This used to be commit 468bf839c500ed1a26ab9a358ee64a4c0a695797)
|
|
Andrew Bartlett
(This used to be commit a89f9818180e8fb868975c444c4d0e5aaa8d4e79)
|
|
We still don't get the format inside the encrypted blob correct
however.
Andrew Bartlett
(This used to be commit 99a3abda09716c064b3e9a37c4a79a8f62444eca)
|
|
(This used to be commit c273d63f94c430a4f553085efb0d6e31a99e5853)
|
|
(This used to be commit b599b83a13db90b50a5422ff73daa63648b1e8cd)
|
|
(This used to be commit e8ba65c4db986fcedf7008d05d8f8846f78a98f1)
|
|
(This used to be commit 1897cef508c8bea817c510bd9023d794cb983864)
|
|
(This used to be commit d5c61f470d7aa6dd0e5a22e8718d53a69cbbc239)
|
|
(This used to be commit 3862f3132549332e0a44fad65d7c49a27e1dbd4a)
|
|
(This used to be commit 9590805bcbdd1924eda5a69978ffac7ec7603451)
|
|
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.
Andrew Bartlett
(This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
|
|
(This used to be commit cc1df3c002e6af25add3c8ae20e7efc2ab6f2fa8)
|
|
(This used to be commit 50502b3b8faf89cf5ad396102f4fe80eaa213908)
|
|
Andrew Bartlett
(This used to be commit 91ae8dca254aa8c032daf0c87fa2a47760d32586)
|
|
(This used to be commit e5520706c88911c66b3ce5817e371900212ca083)
|
|
Also check we get the defaults correct with a query in the torture
suite.
Andrew Bartlett
(This used to be commit b55a1b63cc2f7de889f046e975e3414bc5000613)
|
|
(This used to be commit f008c3b6ee324056fd9b63f6151ad6849640c959)
|
|
This makes it easy to set the expiry (or no expiry) for a samdb user
(This used to be commit 25171f18a4b242b5a731f4ac1eefc51cc82efd74)
|
|
(This used to be commit cf37126ac7b833a3a739b151157c296afc0c979c)
|
|
(This used to be commit 8741e8fee619cccd84f2f10e00426df1d4f34074)
|
|
This test now passes against Win2k3, and a implementation in the
Samba4 server should follow shortly.
Andrew Bartlett
(This used to be commit c6b8ba893dd3ed90bca32c0ae89fd33be729c238)
|
|
This would seem to match the documentation requirements for the PAC
verfication over NETLOGON, but I can't get Win2k3 to accept it so far.
Andrew Bartlett
(This used to be commit acfa87f3411a61bdd9066fbbba2bcfbe2a60cbbe)
|