kai/samba.git
13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Fri, 15 Aug 2008 11:16:40 +0000 (21:16 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Fri, 15 Aug 2008 10:41:50 +0000 (20:41 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

13 years agoGenerate the subSchema in cn=Aggregate
Andrew Bartlett [Fri, 15 Aug 2008 10:40:57 +0000 (20:40 +1000)]
Generate the subSchema in cn=Aggregate

This reads the schema from the in-memory structure, when the magic
attributes are requested.  The code is a modified version of that used
in the ad2oLschema tool (now shared).

The schema_fsmo module handles the insertion of the generated result.

As such, this commit also removes these entries from the setup/schema.ldif

Metze's previous stub of this functionality is also removed.

Andrew Bartlett

13 years agoRework generation of the objectClass and attributeType lines.
Andrew Bartlett [Fri, 15 Aug 2008 03:18:48 +0000 (13:18 +1000)]
Rework generation of the objectClass and attributeType lines.

Now that these are subroutines, we can factor them out into a file the
CN=Aggregate schema code can also use.

Andrew Bartlett

13 years agoParamaterise the seperator in ad2OLschema
Andrew Bartlett [Fri, 15 Aug 2008 02:08:10 +0000 (12:08 +1000)]
Paramaterise the seperator in ad2OLschema

This will allow me to add a new mode, with the CN=Aggregate schema
format automatically generated.

Andrew Bartlett

13 years agoDon't segfault in RPC-ATSVC.
Andrew Bartlett [Thu, 14 Aug 2008 23:46:51 +0000 (09:46 +1000)]
Don't segfault in RPC-ATSVC.

13 years agoRAW-OPEN: be more strict in create_option checking
Stefan Metzmacher [Thu, 14 Aug 2008 13:14:53 +0000 (15:14 +0200)]
RAW-OPEN: be more strict in create_option checking

metze

13 years agoRevert "krb5: always generate the acceptor subkey as the same enctype as the used...
Stefan Metzmacher [Wed, 13 Aug 2008 05:22:36 +0000 (07:22 +0200)]
Revert "krb5: always generate the acceptor subkey as the same enctype as the used service key"

This reverts commit dbb94133e0313cae933d261af0bf1210807a6d11.

As we fixed gensec_gssapi to only return a session key when it's
have the correct session key, this hack isn't needed anymore.

metze

13 years agogsskrb5: always return an acceptor subkey
Stefan Metzmacher [Wed, 13 Aug 2008 07:52:20 +0000 (09:52 +0200)]
gsskrb5: always return an acceptor subkey

For non cfx keys it's the same as the intiator subkey.
This matches windows behavior.

metze

13 years agogensec_gssapi: only cache the session key in STAGE_DONE
Stefan Metzmacher [Wed, 13 Aug 2008 05:18:35 +0000 (07:18 +0200)]
gensec_gssapi: only cache the session key in STAGE_DONE

The key may change because we switch from initiator to acceptor
subkey.

metze

13 years agoSMB2-CREATE: add a special test for FILE_ATTRIBUTE_ENCRYPTED
Stefan Metzmacher [Thu, 14 Aug 2008 11:12:07 +0000 (13:12 +0200)]
SMB2-CREATE: add a special test for FILE_ATTRIBUTE_ENCRYPTED

Some standalone server (and samba4) doesn't support this.

metze

13 years agoSMB2-CREATE: be more strict in checking file attributes
Stefan Metzmacher [Thu, 14 Aug 2008 07:54:51 +0000 (09:54 +0200)]
SMB2-CREATE: be more strict in checking file attributes

metze

13 years agoSMB2-CREATE: be more strict in error checking
Stefan Metzmacher [Thu, 14 Aug 2008 07:54:22 +0000 (09:54 +0200)]
SMB2-CREATE: be more strict in error checking

metze

13 years agontvfs_generic: fix handling of create_options for SMB2
Stefan Metzmacher [Thu, 14 Aug 2008 07:52:45 +0000 (09:52 +0200)]
ntvfs_generic: fix handling of create_options for SMB2

metze

13 years agolibcli/smb2: add SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK
Stefan Metzmacher [Thu, 14 Aug 2008 10:48:37 +0000 (12:48 +0200)]
libcli/smb2: add SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK

SMB2 returns NOT_SUPPORTED to some more NTCREATE_OPTIONS.

metze

13 years agopvfs: fix handling of create_option flags
Stefan Metzmacher [Thu, 14 Aug 2008 10:37:31 +0000 (12:37 +0200)]
pvfs: fix handling of create_option flags

metze

13 years agolibcli/raw: fix the special NTCREATE_OPTIONS_*_MASK values
Stefan Metzmacher [Thu, 14 Aug 2008 10:44:25 +0000 (12:44 +0200)]
libcli/raw: fix the special NTCREATE_OPTIONS_*_MASK values

We now reuse ignored values for the ntvfs backend private flags.

metze

13 years agosmb2srv: async replies with STATUS_PENDING are not signed
Stefan Metzmacher [Wed, 13 Aug 2008 07:48:44 +0000 (09:48 +0200)]
smb2srv: async replies with STATUS_PENDING are not signed

..., but the they may have the sign flag set.

metze

13 years agosmb2srv: sign replies when the request was also signed
Stefan Metzmacher [Wed, 13 Aug 2008 13:20:18 +0000 (15:20 +0200)]
smb2srv: sign replies when the request was also signed

metze

13 years agosmb2srv: use defines instead of hex values
Stefan Metzmacher [Wed, 13 Aug 2008 07:45:44 +0000 (09:45 +0200)]
smb2srv: use defines instead of hex values

metze

13 years agolibcli/smb2: use smb2 signing in auto mode if the server supports it
Stefan Metzmacher [Wed, 13 Aug 2008 13:19:01 +0000 (15:19 +0200)]
libcli/smb2: use smb2 signing in auto mode if the server supports it

metze

13 years agolibcli/smb2: we don't need check the same thing twice...
Stefan Metzmacher [Wed, 13 Aug 2008 07:44:06 +0000 (09:44 +0200)]
libcli/smb2: we don't need check the same thing twice...

metze

13 years agolibcli/smb2: async replies with STATUS_PENDING are not signed
Stefan Metzmacher [Wed, 13 Aug 2008 07:42:27 +0000 (09:42 +0200)]
libcli/smb2: async replies with STATUS_PENDING are not signed

metze

13 years agopidl: fix samba4.pidl.samba3-cli test
Stefan Metzmacher [Wed, 13 Aug 2008 14:58:12 +0000 (16:58 +0200)]
pidl: fix samba4.pidl.samba3-cli test

metze

13 years agoNBT-WINSREPLICATION: be more robust to timing errors
Stefan Metzmacher [Wed, 13 Aug 2008 14:53:13 +0000 (16:53 +0200)]
NBT-WINSREPLICATION: be more robust to timing errors

Also reenable disabled tests.

metze

13 years agoexpanded the SMB2-CREATE and RAW-OPEN tests to explore more of how the
Andrew Tridgell [Thu, 14 Aug 2008 07:26:30 +0000 (17:26 +1000)]
expanded the SMB2-CREATE and RAW-OPEN tests to explore more of how the
create options fields are supposed to work

13 years agocope with arbitrary unknown pac buffer types, so when MS adds
Andrew Tridgell [Thu, 14 Aug 2008 05:27:48 +0000 (15:27 +1000)]
cope with arbitrary unknown pac buffer types, so when MS adds
a new one we don't break our server

13 years agocope with not knowing the kdc key
Andrew Tridgell [Thu, 14 Aug 2008 05:27:22 +0000 (15:27 +1000)]
cope with not knowing the kdc key

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Tue, 12 Aug 2008 23:47:18 +0000 (09:47 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

13 years agogensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO
Stefan Metzmacher [Tue, 12 Aug 2008 13:02:02 +0000 (15:02 +0200)]
gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO

metze

13 years agogensec_gssapi: fix compiler warnings
Stefan Metzmacher [Tue, 12 Aug 2008 12:57:14 +0000 (14:57 +0200)]
gensec_gssapi: fix compiler warnings

metze

13 years agogensec_gssapi: add a function to load the lucid structure once
Stefan Metzmacher [Tue, 12 Aug 2008 12:56:36 +0000 (14:56 +0200)]
gensec_gssapi: add a function to load the lucid structure once

metze

13 years agogensec: add support for new style spnego and correctly handle mechListMIC
Stefan Metzmacher [Tue, 12 Aug 2008 12:26:21 +0000 (14:26 +0200)]
gensec: add support for new style spnego and correctly handle mechListMIC

metze

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Tue, 12 Aug 2008 07:46:48 +0000 (17:46 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

13 years agodcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE
Stefan Metzmacher [Mon, 11 Aug 2008 16:14:51 +0000 (18:14 +0200)]
dcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE

metze

13 years agorpc_server: correct the chunk_size depending on the signature size
Stefan Metzmacher [Mon, 11 Aug 2008 16:12:54 +0000 (18:12 +0200)]
rpc_server: correct the chunk_size depending on the signature size

metze

13 years agolibrpc/rpc: correct the chunk_size depending on the signature size
Stefan Metzmacher [Mon, 11 Aug 2008 16:00:11 +0000 (18:00 +0200)]
librpc/rpc: correct the chunk_size depending on the signature size

metze

13 years agodcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH
Stefan Metzmacher [Mon, 11 Aug 2008 15:59:38 +0000 (17:59 +0200)]
dcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH

metze

13 years agoOnly allow trust accounts access to the NTP signing service.
Andrew Bartlett [Mon, 11 Aug 2008 01:45:45 +0000 (11:45 +1000)]
Only allow trust accounts access to the NTP signing service.

13 years agogensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures
Stefan Metzmacher [Fri, 8 Aug 2008 10:39:11 +0000 (12:39 +0200)]
gensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures

metze

13 years agogsskrb5: try to be compatible with windows for gss_wrap* and cfx
Stefan Metzmacher [Fri, 8 Aug 2008 13:01:15 +0000 (15:01 +0200)]
gsskrb5: try to be compatible with windows for gss_wrap* and cfx

The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.

metze

13 years agogensec_gssapi: use gsskrb5_get_subkey() to get the session key
Stefan Metzmacher [Fri, 8 Aug 2008 13:27:40 +0000 (15:27 +0200)]
gensec_gssapi: use gsskrb5_get_subkey() to get the session key

This is needed to get the correct key, when aes keys are used.

metze

13 years agokrb5: always generate the acceptor subkey as the same enctype as the used service key
Stefan Metzmacher [Fri, 8 Aug 2008 13:22:39 +0000 (15:22 +0200)]
krb5: always generate the acceptor subkey as the same enctype as the used service key

With this patch samba4 can use gsskrb5_get_subkey() to get the session key.

metze

13 years agogsskrb5: add support for DCE_STYLE and des and des3 keys
Stefan Metzmacher [Fri, 25 Jul 2008 11:11:46 +0000 (13:11 +0200)]
gsskrb5: add support for DCE_STYLE and des and des3 keys

Only the des keys are tested as windows doesn't support des3

metze

13 years agoAlways set a session key, even for the 'no password' case.
Andrew Bartlett [Fri, 8 Aug 2008 04:05:16 +0000 (14:05 +1000)]
Always set a session key, even for the 'no password' case.

This is for bug 5664 reported by Tom <hto@arcor.de>.

Andrew Bartlett

13 years agoClarify comment
Andrew Bartlett [Fri, 8 Aug 2008 04:04:08 +0000 (14:04 +1000)]
Clarify comment

13 years agoWe can't use ndr_pull_struct_blob_all in combinatin with relative pointers
Andrew Bartlett [Fri, 8 Aug 2008 00:32:21 +0000 (10:32 +1000)]
We can't use ndr_pull_struct_blob_all in combinatin with relative pointers

13 years agolib: prepare the build of zlib
Stefan Metzmacher [Tue, 29 Jul 2008 20:06:18 +0000 (20:06 +0000)]
lib: prepare the build of zlib

metze

13 years agozlib: add inflateReset2()...
Stefan Metzmacher [Thu, 7 Aug 2008 16:20:11 +0000 (16:20 +0000)]
zlib: add inflateReset2()...

metze

13 years agoimport of zlib-1.2.3
Stefan Metzmacher [Tue, 29 Jul 2008 20:01:23 +0000 (20:01 +0000)]
import of zlib-1.2.3

We want to use zlib for the mszip ndr (de)compression
later, we'll need to add some new functions to zlib.

metze

13 years agodrsuapi: fix callers after idl change
Stefan Metzmacher [Thu, 7 Aug 2008 17:15:30 +0000 (19:15 +0200)]
drsuapi: fix callers after idl change

metze

13 years agodrsuapi.idl: directly use mszip in level 2
Stefan Metzmacher [Thu, 7 Aug 2008 16:15:26 +0000 (16:15 +0000)]
drsuapi.idl: directly use mszip in level 2

This fixes the push because the switch_level doesn't work
otherwise because the pointer is the same as for
the outer switch_level.

metze

13 years agorpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
Stefan Metzmacher [Wed, 6 Aug 2008 20:28:04 +0000 (22:28 +0200)]
rpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN

you need "dcesrv:header signing=yes" to enable it.

metze

13 years agolibrpc/rpc: add support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
Stefan Metzmacher [Wed, 6 Aug 2008 19:35:07 +0000 (21:35 +0200)]
librpc/rpc: add support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN

You can trigger it like this:

ncacn_ip_tcp:172.31.9.234[sign,hdrsign]

or

ncacn_ip_tcp:172.31.9.234[seal,hdrsign]

metze

13 years agolibrpc/rpc: pass struct dcerpc_pipe to dcerpc_auth3()
Stefan Metzmacher [Wed, 6 Aug 2008 19:34:00 +0000 (21:34 +0200)]
librpc/rpc: pass struct dcerpc_pipe to dcerpc_auth3()

metze

13 years agogensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADER
Stefan Metzmacher [Wed, 6 Aug 2008 19:30:17 +0000 (21:30 +0200)]
gensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADER

This only works for sign/verify_packet() yet,
seal/unseal_packet() doesn't work yet...

metze

13 years agogensec: add GENSEC_FEATURE_SIGN_PKT_HEADER flag
Stefan Metzmacher [Wed, 6 Aug 2008 19:26:20 +0000 (21:26 +0200)]
gensec: add GENSEC_FEATURE_SIGN_PKT_HEADER flag

metze

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
Jelmer Vernooij [Fri, 1 Aug 2008 19:36:49 +0000 (21:36 +0200)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage

13 years agoAdd helper object Hostconfig to make it easier to get to e.g. the
Jelmer Vernooij [Fri, 1 Aug 2008 19:12:37 +0000 (21:12 +0200)]
Add helper object Hostconfig to make it easier to get to e.g. the
SAM database.

13 years agoheimdal: add experimental --enable-external-heimdal
Stefan Metzmacher [Fri, 1 Aug 2008 16:15:11 +0000 (18:15 +0200)]
heimdal: add experimental --enable-external-heimdal

This should only be used for testing and when you're
absolutly sure the installed heimdal libraries
support the features we need.

(E.g. heimdal-1.2 or lower should NOT work)

metze

13 years agolibreplace: include <krb5.h> and <com_err.h> and no heimdal specific headers
Stefan Metzmacher [Fri, 1 Aug 2008 17:30:16 +0000 (19:30 +0200)]
libreplace: include <krb5.h> and <com_err.h> and no heimdal specific headers

metze

13 years agoauth/kerberos: remove dependencies to internal heimdal
Stefan Metzmacher [Fri, 1 Aug 2008 17:29:08 +0000 (19:29 +0200)]
auth/kerberos: remove dependencies to internal heimdal

metze

13 years agoheimdal_build/internal: add some useful defines
Stefan Metzmacher [Fri, 1 Aug 2008 17:24:09 +0000 (19:24 +0200)]
heimdal_build/internal: add some useful defines

metze

13 years agoheimdal: fix dependency
Stefan Metzmacher [Fri, 1 Aug 2008 18:27:38 +0000 (20:27 +0200)]
heimdal: fix dependency

metze

13 years agolib/crypto: remove dependency to internal heimdal
Stefan Metzmacher [Fri, 1 Aug 2008 17:23:29 +0000 (19:23 +0200)]
lib/crypto: remove dependency to internal heimdal

metze

13 years agobuild: remove warning about missing generated include file
Stefan Metzmacher [Fri, 1 Aug 2008 18:15:52 +0000 (20:15 +0200)]
build: remove warning about missing generated include file

metze

13 years agoUse new style python classes.
Jelmer Vernooij [Fri, 1 Aug 2008 19:00:09 +0000 (21:00 +0200)]
Use new style python classes.

13 years agoMove domain DN determination out of newuser function.
Jelmer Vernooij [Fri, 1 Aug 2008 18:47:22 +0000 (20:47 +0200)]
Move domain DN determination out of newuser function.

13 years agoActually fix missing substitution variables.
Jelmer Vernooij [Fri, 1 Aug 2008 18:47:03 +0000 (20:47 +0200)]
Actually fix missing substitution variables.

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
Jelmer Vernooij [Fri, 1 Aug 2008 18:17:56 +0000 (20:17 +0200)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage

13 years agoFix some forgotten substitute variables in provision, add check to prevent this sort...
Jelmer Vernooij [Fri, 1 Aug 2008 18:17:29 +0000 (20:17 +0200)]
Fix some forgotten substitute variables in provision, add check to prevent this sort of regression in the future.

13 years agokdc: use mostly only public kerberos headers
Stefan Metzmacher [Fri, 1 Aug 2008 15:24:24 +0000 (17:24 +0200)]
kdc: use mostly only public kerberos headers

We shoule avoid using the private heimdal function
_krb5_principalname2krb5_principal()

metze

13 years agoauth/kerberos: we don't need to include heimdal private headers
Stefan Metzmacher [Fri, 1 Aug 2008 14:59:40 +0000 (16:59 +0200)]
auth/kerberos: we don't need to include heimdal private headers

metze

13 years agogensec_gssapi: include <gssapi/gssapi.h>
Stefan Metzmacher [Fri, 1 Aug 2008 14:58:01 +0000 (16:58 +0200)]
gensec_gssapi: include <gssapi/gssapi.h>

metze

13 years agoheimdal_build: we should only use PRIVATE_DEPENDENCIES
Stefan Metzmacher [Fri, 1 Aug 2008 14:57:00 +0000 (16:57 +0200)]
heimdal_build: we should only use PRIVATE_DEPENDENCIES

metze

13 years agobuild: autogenerate heimdal basics
Stefan Metzmacher [Fri, 1 Aug 2008 14:53:52 +0000 (16:53 +0200)]
build: autogenerate heimdal basics

metze

13 years agobuild: autogenarate VPATH by configure
Stefan Metzmacher [Fri, 1 Aug 2008 14:52:12 +0000 (16:52 +0200)]
build: autogenarate VPATH by configure

metze

13 years agoheimdal: add missing files
Stefan Metzmacher [Fri, 1 Aug 2008 15:49:07 +0000 (17:49 +0200)]
heimdal: add missing files

metze

13 years agoauth_server: set the workstation name
Stefan Metzmacher [Fri, 1 Aug 2008 15:22:54 +0000 (17:22 +0200)]
auth_server: set the workstation name

metze

13 years agoheimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.c
Stefan Metzmacher [Fri, 1 Aug 2008 15:21:57 +0000 (17:21 +0200)]
heimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.c

metze

13 years agobuild with the new heimdal version
Stefan Metzmacher [Fri, 1 Aug 2008 09:17:48 +0000 (11:17 +0200)]
build with the new heimdal version

13 years agoheimdal: update to lorikeet-heimdal rev 801
Stefan Metzmacher [Fri, 1 Aug 2008 05:08:51 +0000 (07:08 +0200)]
heimdal: update to lorikeet-heimdal rev 801

metze

13 years agobuild: allow flex-2.34 together with bison-2.3
Stefan Metzmacher [Fri, 1 Aug 2008 09:16:14 +0000 (11:16 +0200)]
build: allow flex-2.34 together with bison-2.3

metze

13 years agoauth/ntlmssp: don't crash when the backend give no challenge
Stefan Metzmacher [Fri, 1 Aug 2008 14:10:06 +0000 (16:10 +0200)]
auth/ntlmssp: don't crash when the backend give no challenge

metze

13 years agoauth_server: fix the logic of server_get_challenge()
Stefan Metzmacher [Fri, 1 Aug 2008 13:53:01 +0000 (15:53 +0200)]
auth_server: fix the logic of server_get_challenge()

metze

13 years agoauth_server: fix segfault reported by Julien Kerihuel <j.kerihuel@openchange.org>
Stefan Metzmacher [Fri, 1 Aug 2008 13:19:27 +0000 (15:19 +0200)]
auth_server: fix segfault reported by Julien Kerihuel <j.kerihuel@openchange.org>

metze

13 years agoRevert "Start implementind domain trusts in our KDC."
Stefan Metzmacher [Fri, 1 Aug 2008 07:20:46 +0000 (09:20 +0200)]
Revert "Start implementind domain trusts in our KDC."

This reverts commit 736ce50afd9da9b5fbc3db777fd5341dfa4b721a.

This breaks the build...

metze

13 years agoUpdate to a working trustAuthIncoming and trustAuthOutgoing parser.
Andrew Bartlett [Thu, 31 Jul 2008 13:17:20 +0000 (23:17 +1000)]
Update to a working trustAuthIncoming and trustAuthOutgoing parser.

This is based on the docs, as well as testing against a domain trust
in windows.

Clearly it needs to be more general - perhaps a non IDL parser?

Andrew Bartlett

13 years agoPrint trustAuthOutgoing and trustAuthIncoming in RPC-DSSYNC
Andrew Bartlett [Thu, 31 Jul 2008 11:23:48 +0000 (21:23 +1000)]
Print trustAuthOutgoing and trustAuthIncoming in RPC-DSSYNC

13 years agoUse the cldap reply to avoid segfaulting in RPC-DSSYNC
Andrew Bartlett [Thu, 31 Jul 2008 00:51:59 +0000 (10:51 +1000)]
Use the cldap reply to avoid segfaulting in RPC-DSSYNC

Also don't fail the test if the server does not implement the NT4
changelog.

Andrew Bartlett

13 years agoDon't fail if the domain has a trust already.
Andrew Bartlett [Wed, 30 Jul 2008 23:07:57 +0000 (09:07 +1000)]
Don't fail if the domain has a trust already.

Andrew Bartlett

13 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Wed, 30 Jul 2008 21:48:16 +0000 (07:48 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local

13 years agoStart implementind domain trusts in our KDC.
Andrew Bartlett [Wed, 30 Jul 2008 21:47:01 +0000 (07:47 +1000)]
Start implementind domain trusts in our KDC.

Andrew Bartlett

13 years agoUpdate trustAuthInOutBlob in line with MS-ADTS 7.1.6.8.1
Andrew Bartlett [Wed, 30 Jul 2008 21:45:30 +0000 (07:45 +1000)]
Update trustAuthInOutBlob in line with MS-ADTS 7.1.6.8.1

13 years agoBe more pythonic.
Jelmer Vernooij [Wed, 30 Jul 2008 11:29:29 +0000 (13:29 +0200)]
Be more pythonic.

13 years agoRevert "gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys...
Stefan Metzmacher [Mon, 28 Jul 2008 15:59:17 +0000 (17:59 +0200)]
Revert "gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work"

This reverts commit 73964f069056f46f2f27fc690e42e5c91ae1fe19.

This breaks more than it gains:-( It seems to break the ncacn_np session key

metze

13 years agorpc_server: remove unused variable
Stefan Metzmacher [Mon, 28 Jul 2008 14:40:21 +0000 (16:40 +0200)]
rpc_server: remove unused variable

metze

13 years agogensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work
Stefan Metzmacher [Mon, 28 Jul 2008 14:11:30 +0000 (16:11 +0200)]
gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work

SMB signing with aes doesn't work, but still works with
arcfour-hmac-md5, des-cbc-md5 and des-cbc-crc.

metze

13 years agolibcli/smb2: the session key for SMB2 signing is truncated to 16 bytes
Stefan Metzmacher [Mon, 28 Jul 2008 13:49:46 +0000 (15:49 +0200)]
libcli/smb2: the session key for SMB2 signing is truncated to 16 bytes

To make that work (as a client) with aes128 and aes256 krb5 keys
we need to use gsskrb5_get_subkey().

metze

13 years agosmb2srv: sign SMB2 Logoff replies
Stefan Metzmacher [Mon, 9 Jun 2008 19:57:05 +0000 (21:57 +0200)]
smb2srv: sign SMB2 Logoff replies

metze