Stefan Metzmacher [Mon, 11 Aug 2008 16:14:51 +0000 (18:14 +0200)]
dcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE
metze
Stefan Metzmacher [Mon, 11 Aug 2008 16:12:54 +0000 (18:12 +0200)]
rpc_server: correct the chunk_size depending on the signature size
metze
Stefan Metzmacher [Mon, 11 Aug 2008 16:00:11 +0000 (18:00 +0200)]
librpc/rpc: correct the chunk_size depending on the signature size
metze
Stefan Metzmacher [Mon, 11 Aug 2008 15:59:38 +0000 (17:59 +0200)]
dcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH
metze
Stefan Metzmacher [Fri, 8 Aug 2008 10:39:11 +0000 (12:39 +0200)]
gensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures
metze
Stefan Metzmacher [Fri, 8 Aug 2008 13:01:15 +0000 (15:01 +0200)]
gsskrb5: try to be compatible with windows for gss_wrap* and cfx
The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.
metze
Stefan Metzmacher [Fri, 8 Aug 2008 13:27:40 +0000 (15:27 +0200)]
gensec_gssapi: use gsskrb5_get_subkey() to get the session key
This is needed to get the correct key, when aes keys are used.
metze
Stefan Metzmacher [Fri, 8 Aug 2008 13:22:39 +0000 (15:22 +0200)]
krb5: always generate the acceptor subkey as the same enctype as the used service key
With this patch samba4 can use gsskrb5_get_subkey() to get the session key.
metze
Stefan Metzmacher [Fri, 25 Jul 2008 11:11:46 +0000 (13:11 +0200)]
gsskrb5: add support for DCE_STYLE and des and des3 keys
Only the des keys are tested as windows doesn't support des3
metze
Andrew Bartlett [Fri, 8 Aug 2008 04:05:16 +0000 (14:05 +1000)]
Always set a session key, even for the 'no password' case.
This is for bug 5664 reported by Tom <hto@arcor.de>.
Andrew Bartlett
Andrew Bartlett [Fri, 8 Aug 2008 04:04:08 +0000 (14:04 +1000)]
Clarify comment
Andrew Bartlett [Fri, 8 Aug 2008 00:32:21 +0000 (10:32 +1000)]
We can't use ndr_pull_struct_blob_all in combination with relative pointers
Stefan Metzmacher [Tue, 29 Jul 2008 20:06:18 +0000 (20:06 +0000)]
lib: prepare the build of zlib
metze
Stefan Metzmacher [Thu, 7 Aug 2008 16:20:11 +0000 (16:20 +0000)]
zlib: add inflateReset2()...
metze
Stefan Metzmacher [Tue, 29 Jul 2008 20:01:23 +0000 (20:01 +0000)]
import of zlib-1.2.3
We want to use zlib for the mszip ndr (de)compression
later, we'll need to add some new functions to zlib.
metze
Stefan Metzmacher [Thu, 7 Aug 2008 17:15:30 +0000 (19:15 +0200)]
drsuapi: fix callers after idl change
metze
Stefan Metzmacher [Thu, 7 Aug 2008 16:15:26 +0000 (16:15 +0000)]
drsuapi.idl: directly use mszip in level 2
This fixes the push because the switch_level doesn't work
otherwise because the pointer is the same as for
the outer switch_level.
metze
Stefan Metzmacher [Wed, 6 Aug 2008 20:28:04 +0000 (22:28 +0200)]
rpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
you need "dcesrv:header signing=yes" to enable it.
metze
Stefan Metzmacher [Wed, 6 Aug 2008 19:35:07 +0000 (21:35 +0200)]
librpc/rpc: add support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
You can trigger it like this:
ncacn_ip_tcp:172.31.9.234[sign,hdrsign]
or
ncacn_ip_tcp:172.31.9.234[seal,hdrsign]
metze
Stefan Metzmacher [Wed, 6 Aug 2008 19:34:00 +0000 (21:34 +0200)]
librpc/rpc: pass struct dcerpc_pipe to dcerpc_auth3()
metze
Stefan Metzmacher [Wed, 6 Aug 2008 19:30:17 +0000 (21:30 +0200)]
gensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADER
This only works for sign/verify_packet() yet,
seal/unseal_packet() doesn't work yet...
metze
Stefan Metzmacher [Wed, 6 Aug 2008 19:26:20 +0000 (21:26 +0200)]
gensec: add GENSEC_FEATURE_SIGN_PKT_HEADER flag
metze
Jelmer Vernooij [Fri, 1 Aug 2008 19:36:49 +0000 (21:36 +0200)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
Jelmer Vernooij [Fri, 1 Aug 2008 19:12:37 +0000 (21:12 +0200)]
Add helper object Hostconfig to make it easier to get to e.g. the
SAM database.
Stefan Metzmacher [Fri, 1 Aug 2008 16:15:11 +0000 (18:15 +0200)]
heimdal: add experimental --enable-external-heimdal
This should only be used for testing and when you're
absolutely sure the installed heimdal libraries
support the features we need.
(E.g. heimdal-1.2 or lower should NOT work)
metze
Stefan Metzmacher [Fri, 1 Aug 2008 17:30:16 +0000 (19:30 +0200)]
libreplace: include <krb5.h> and <com_err.h> and no heimdal specific headers
metze
Stefan Metzmacher [Fri, 1 Aug 2008 17:29:08 +0000 (19:29 +0200)]
auth/kerberos: remove dependencies to internal heimdal
metze
Stefan Metzmacher [Fri, 1 Aug 2008 17:24:09 +0000 (19:24 +0200)]
heimdal_build/internal: add some useful defines
metze
Stefan Metzmacher [Fri, 1 Aug 2008 18:27:38 +0000 (20:27 +0200)]
heimdal: fix dependency
metze
Stefan Metzmacher [Fri, 1 Aug 2008 17:23:29 +0000 (19:23 +0200)]
lib/crypto: remove dependency to internal heimdal
metze
Stefan Metzmacher [Fri, 1 Aug 2008 18:15:52 +0000 (20:15 +0200)]
build: remove warning about missing generated include file
metze
Jelmer Vernooij [Fri, 1 Aug 2008 19:00:09 +0000 (21:00 +0200)]
Use new style python classes.
Jelmer Vernooij [Fri, 1 Aug 2008 18:47:22 +0000 (20:47 +0200)]
Move domain DN determination out of newuser function.
Jelmer Vernooij [Fri, 1 Aug 2008 18:47:03 +0000 (20:47 +0200)]
Actually fix missing substitution variables.
Jelmer Vernooij [Fri, 1 Aug 2008 18:17:56 +0000 (20:17 +0200)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
Jelmer Vernooij [Fri, 1 Aug 2008 18:17:29 +0000 (20:17 +0200)]
Fix some forgotten substitute variables in provision, add check to prevent this sort of regression in the future.
Stefan Metzmacher [Fri, 1 Aug 2008 15:24:24 +0000 (17:24 +0200)]
kdc: use mostly only public kerberos headers
We should avoid using the private heimdal function
_krb5_principalname2krb5_principal()
metze
Stefan Metzmacher [Fri, 1 Aug 2008 14:59:40 +0000 (16:59 +0200)]
auth/kerberos: we don't need to include heimdal private headers
metze
Stefan Metzmacher [Fri, 1 Aug 2008 14:58:01 +0000 (16:58 +0200)]
gensec_gssapi: include <gssapi/gssapi.h>
metze
Stefan Metzmacher [Fri, 1 Aug 2008 14:57:00 +0000 (16:57 +0200)]
heimdal_build: we should only use PRIVATE_DEPENDENCIES
metze
Stefan Metzmacher [Fri, 1 Aug 2008 14:53:52 +0000 (16:53 +0200)]
build: autogenerate heimdal basics
metze
Stefan Metzmacher [Fri, 1 Aug 2008 14:52:12 +0000 (16:52 +0200)]
build: autogenerate VPATH by configure
metze
Stefan Metzmacher [Fri, 1 Aug 2008 15:49:07 +0000 (17:49 +0200)]
heimdal: add missing files
metze
Stefan Metzmacher [Fri, 1 Aug 2008 15:22:54 +0000 (17:22 +0200)]
auth_server: set the workstation name
metze
Stefan Metzmacher [Fri, 1 Aug 2008 15:21:57 +0000 (17:21 +0200)]
heimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.c
metze
Stefan Metzmacher [Fri, 1 Aug 2008 09:17:48 +0000 (11:17 +0200)]
build with the new heimdal version
Stefan Metzmacher [Fri, 1 Aug 2008 05:08:51 +0000 (07:08 +0200)]
heimdal: update to lorikeet-heimdal rev 801
metze
Stefan Metzmacher [Fri, 1 Aug 2008 09:16:14 +0000 (11:16 +0200)]
build: allow flex-2.34 together with bison-2.3
metze
Stefan Metzmacher [Fri, 1 Aug 2008 14:10:06 +0000 (16:10 +0200)]
auth/ntlmssp: don't crash when the backend give no challenge
metze
Stefan Metzmacher [Fri, 1 Aug 2008 13:53:01 +0000 (15:53 +0200)]
auth_server: fix the logic of server_get_challenge()
metze
Stefan Metzmacher [Fri, 1 Aug 2008 13:19:27 +0000 (15:19 +0200)]
auth_server: fix segfault reported by Julien Kerihuel <j.kerihuel@openchange.org>
metze
Stefan Metzmacher [Fri, 1 Aug 2008 07:20:46 +0000 (09:20 +0200)]
Revert "Start implementing domain trusts in our KDC."
This reverts commit
736ce50afd9da9b5fbc3db777fd5341dfa4b721a.
This breaks the build...
metze
Andrew Bartlett [Thu, 31 Jul 2008 13:17:20 +0000 (23:17 +1000)]
Update to a working trustAuthIncoming and trustAuthOutgoing parser.
This is based on the docs, as well as testing against a domain trust
in windows.
Clearly it needs to be more general - perhaps a non IDL parser?
Andrew Bartlett
Andrew Bartlett [Thu, 31 Jul 2008 11:23:48 +0000 (21:23 +1000)]
Print trustAuthOutgoing and trustAuthIncoming in RPC-DSSYNC
Andrew Bartlett [Thu, 31 Jul 2008 00:51:59 +0000 (10:51 +1000)]
Use the cldap reply to avoid segfaulting in RPC-DSSYNC
Also don't fail the test if the server does not implement the NT4
changelog.
Andrew Bartlett
Andrew Bartlett [Wed, 30 Jul 2008 23:07:57 +0000 (09:07 +1000)]
Don't fail if the domain has a trust already.
Andrew Bartlett
Andrew Bartlett [Wed, 30 Jul 2008 21:48:16 +0000 (07:48 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Wed, 30 Jul 2008 21:47:01 +0000 (07:47 +1000)]
Start implementing domain trusts in our KDC.
Andrew Bartlett
Andrew Bartlett [Wed, 30 Jul 2008 21:45:30 +0000 (07:45 +1000)]
Update trustAuthInOutBlob in line with MS-ADTS 7.1.6.8.1
Jelmer Vernooij [Wed, 30 Jul 2008 11:29:29 +0000 (13:29 +0200)]
Be more pythonic.
Stefan Metzmacher [Mon, 28 Jul 2008 15:59:17 +0000 (17:59 +0200)]
Revert "gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work"
This reverts commit
73964f069056f46f2f27fc690e42e5c91ae1fe19.
This breaks more than it gains:-( It seems to break the ncacn_np session key
metze
Stefan Metzmacher [Mon, 28 Jul 2008 14:40:21 +0000 (16:40 +0200)]
rpc_server: remove unused variable
metze
Stefan Metzmacher [Mon, 28 Jul 2008 14:11:30 +0000 (16:11 +0200)]
gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work
SMB signing with aes doesn't work, but still works with
arcfour-hmac-md5, des-cbc-md5 and des-cbc-crc.
metze
Stefan Metzmacher [Mon, 28 Jul 2008 13:49:46 +0000 (15:49 +0200)]
libcli/smb2: the session key for SMB2 signing is truncated to 16 bytes
To make that work (as a client) with aes128 and aes256 krb5 keys
we need to use gsskrb5_get_subkey().
metze
Stefan Metzmacher [Mon, 9 Jun 2008 19:57:05 +0000 (21:57 +0200)]
smb2srv: sign SMB2 Logoff replies
metze
Stefan Metzmacher [Mon, 9 Jun 2008 19:45:19 +0000 (21:45 +0200)]
smb2srv: correctly hold the signing state per session
metze
Stefan Metzmacher [Mon, 9 Jun 2008 19:57:41 +0000 (21:57 +0200)]
libcli/smb2: fix per session signing state
metze
Stefan Metzmacher [Mon, 9 Jun 2008 19:41:55 +0000 (21:41 +0200)]
SMB2-CONNECT: remove reference to req->session before calling smb2_logoff_recv() on the invalid session
metze
Stefan Metzmacher [Mon, 9 Jun 2008 19:41:06 +0000 (21:41 +0200)]
libcli/smb2: sign SMB2 Logoff requests
metze
Andrew Bartlett [Mon, 28 Jul 2008 10:51:02 +0000 (20:51 +1000)]
We don't use EXTENSIBLEOBJECT any more.
Andrew Bartlett [Mon, 28 Jul 2008 10:26:14 +0000 (20:26 +1000)]
Make it even clearer what to do next in the LDAP backend setup
Andrew Bartlett [Mon, 28 Jul 2008 10:18:17 +0000 (20:18 +1000)]
Always print the slapd startup command
Andrew Bartlett [Mon, 28 Jul 2008 08:39:37 +0000 (18:39 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Stefan Metzmacher [Mon, 28 Jul 2008 07:29:42 +0000 (09:29 +0200)]
auth/credentials: explain why we need to the enctypes for the gssapi layer
metze
Andrew Bartlett [Sun, 27 Jul 2008 22:04:43 +0000 (08:04 +1000)]
Remove unused variable
Andrew Bartlett [Sun, 27 Jul 2008 22:04:15 +0000 (08:04 +1000)]
Remove unused function and make sensitive directories private.
Andrew Bartlett [Sun, 27 Jul 2008 22:02:18 +0000 (08:02 +1000)]
Fix warnings in new prefixMap code
Jelmer Vernooij [Sun, 27 Jul 2008 17:57:27 +0000 (19:57 +0200)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
Jelmer Vernooij [Sun, 27 Jul 2008 17:56:20 +0000 (19:56 +0200)]
Fix location of manpages.
Stefan Metzmacher [Fri, 25 Jul 2008 16:26:31 +0000 (18:26 +0200)]
gensec_gssapi: add support for signing RPC messages
metze
Stefan Metzmacher [Fri, 25 Jul 2008 14:02:29 +0000 (16:02 +0200)]
lib/ldb/tools: allow -W and --realm when built from samba4
metze
Stefan Metzmacher [Fri, 25 Jul 2008 14:00:50 +0000 (16:00 +0200)]
auth/credentials: use the same enctypes when getting a TGT and a TGS
metze
Stefan Metzmacher [Thu, 24 Jul 2008 08:00:20 +0000 (10:00 +0200)]
dsdb: add a comment about the parameter to DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID
metze
Stefan Metzmacher [Thu, 24 Jul 2008 07:55:53 +0000 (09:55 +0200)]
dsdb/schema: make more clear where we create the value for the new prefix mapping
metze
Stefan Metzmacher [Thu, 24 Jul 2008 07:53:29 +0000 (09:53 +0200)]
dsdb/schema: dsdb_write_prefixes_to_ldb() should do the reverse of dsdb_read_prefixes_to_ldb()
metze
Stefan Metzmacher [Fri, 25 Jul 2008 19:26:28 +0000 (21:26 +0200)]
dcerpc.idl: add DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN flag
metze
Stefan Metzmacher [Sat, 26 Jul 2008 18:38:20 +0000 (20:38 +0200)]
mamachinepw: add better error handling
metze
Volker Lendecke [Mon, 19 May 2008 21:06:42 +0000 (23:06 +0200)]
Add "mymachinepw" to fetch our machine password out of secrets.ldb
Stefan Metzmacher [Wed, 14 May 2008 07:47:18 +0000 (09:47 +0200)]
smbtorture: add --extra-user option
This can be used to pass additional credentials to torture tests
(it can be used multiple times).
metze
Brad Hards [Fri, 25 Jul 2008 07:43:21 +0000 (17:43 +1000)]
Define HAVE_ASM_BYTEORDER at all times
Andrew Bartlett [Fri, 25 Jul 2008 04:15:22 +0000 (14:15 +1000)]
Per feedback, remove epoch and ldconfig requires.
See https://bugzilla.redhat.com/show_bug.cgi?id=453083
Andrew Bartlett [Fri, 25 Jul 2008 04:11:18 +0000 (14:11 +1000)]
Make a new define to ensure the accoc_group_id we use is always in common.
Andrew Bartlett [Fri, 25 Jul 2008 01:58:51 +0000 (11:58 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Fri, 25 Jul 2008 01:58:24 +0000 (11:58 +1000)]
Try to avoid a memory leak if we re-set the global schema
However, try also not to pull a schema out from under a running ldb
session.
Andrew Bartlett
Andrew Bartlett [Thu, 24 Jul 2008 22:45:16 +0000 (08:45 +1000)]
Complain if we are told to use an ldap backend, without the type
Andrew Bartlett [Thu, 24 Jul 2008 22:44:00 +0000 (08:44 +1000)]
Clarify how we are doing the 'this is a rootdse query' check.
Stefan Metzmacher [Thu, 24 Jul 2008 06:23:15 +0000 (08:23 +0200)]
hdb-ldb: fix the callers after drsblobs.idl changes
metze
Stefan Metzmacher [Thu, 24 Jul 2008 06:22:23 +0000 (08:22 +0200)]
password_hash: fix the callers after drsblobs.idl changes
metze
Stefan Metzmacher [Thu, 24 Jul 2008 06:20:06 +0000 (08:20 +0200)]
drsblobs.idl: unify the Primary:Kerberos and Primary:Kerberos-Newer-Keys structs
metze
Stefan Metzmacher [Thu, 24 Jul 2008 05:53:55 +0000 (07:53 +0200)]
drsblobs.idl: give some unknowns a meaning
metze