tprouty/samba.git
11 years agoFix up new OpenLDAP MMR code.
Andrew Bartlett [Tue, 19 Aug 2008 04:10:14 +0000 (14:10 +1000)]
Fix up new OpenLDAP MMR code.

This changes the MMR password from hard-coded value of 'linux',
adds tests and fixes the Fedora DS backend.

Currently the MMR password matches the admin password, but we can
change this to be another random value if required.

Also require the port to be specified on the command line, so we don't
hard-code a port of 9000.

Andrew Bartlett

11 years agoGenerate Multi-Master Replication configuration for OpenLDAP
Oliver Liebel [Tue, 19 Aug 2008 02:03:04 +0000 (12:03 +1000)]
Generate Multi-Master Replication configuration for OpenLDAP

This patches provision-backend and the related scripts to generate the
correct configuration blobs for N-way multi-master replication using
OpenLDAP.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Fri, 15 Aug 2008 10:41:50 +0000 (20:41 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

11 years agoGenerate the subSchema in cn=Aggregate
Andrew Bartlett [Fri, 15 Aug 2008 10:40:57 +0000 (20:40 +1000)]
Generate the subSchema in cn=Aggregate

This reads the schema from the in-memory structure, when the magic
attributes are requested.  The code is a modified version of that used
in the ad2oLschema tool (now shared).

The schema_fsmo module handles the insertion of the generated result.

As such, this commit also removes these entries from the setup/schema.ldif

Metze's previous stub of this functionality is also removed.

Andrew Bartlett

11 years agoRework generation of the objectClass and attributeType lines.
Andrew Bartlett [Fri, 15 Aug 2008 03:18:48 +0000 (13:18 +1000)]
Rework generation of the objectClass and attributeType lines.

Now that these are subroutines, we can factor them out into a file the
CN=Aggregate schema code can also use.

Andrew Bartlett

11 years agoParamaterise the seperator in ad2OLschema
Andrew Bartlett [Fri, 15 Aug 2008 02:08:10 +0000 (12:08 +1000)]
Paramaterise the seperator in ad2OLschema

This will allow me to add a new mode, with the CN=Aggregate schema
format automatically generated.

Andrew Bartlett

11 years agoDon't segfault in RPC-ATSVC.
Andrew Bartlett [Thu, 14 Aug 2008 23:46:51 +0000 (09:46 +1000)]
Don't segfault in RPC-ATSVC.

11 years agoRAW-OPEN: be more strict in create_option checking
Stefan Metzmacher [Thu, 14 Aug 2008 13:14:53 +0000 (15:14 +0200)]
RAW-OPEN: be more strict in create_option checking

metze

11 years agoRevert "krb5: always generate the acceptor subkey as the same enctype as the used...
Stefan Metzmacher [Wed, 13 Aug 2008 05:22:36 +0000 (07:22 +0200)]
Revert "krb5: always generate the acceptor subkey as the same enctype as the used service key"

This reverts commit dbb94133e0313cae933d261af0bf1210807a6d11.

As we fixed gensec_gssapi to only return a session key when it's
have the correct session key, this hack isn't needed anymore.

metze

11 years agogsskrb5: always return an acceptor subkey
Stefan Metzmacher [Wed, 13 Aug 2008 07:52:20 +0000 (09:52 +0200)]
gsskrb5: always return an acceptor subkey

For non cfx keys it's the same as the intiator subkey.
This matches windows behavior.

metze

11 years agogensec_gssapi: only cache the session key in STAGE_DONE
Stefan Metzmacher [Wed, 13 Aug 2008 05:18:35 +0000 (07:18 +0200)]
gensec_gssapi: only cache the session key in STAGE_DONE

The key may change because we switch from initiator to acceptor
subkey.

metze

11 years agoSMB2-CREATE: add a special test for FILE_ATTRIBUTE_ENCRYPTED
Stefan Metzmacher [Thu, 14 Aug 2008 11:12:07 +0000 (13:12 +0200)]
SMB2-CREATE: add a special test for FILE_ATTRIBUTE_ENCRYPTED

Some standalone server (and samba4) doesn't support this.

metze

11 years agoSMB2-CREATE: be more strict in checking file attributes
Stefan Metzmacher [Thu, 14 Aug 2008 07:54:51 +0000 (09:54 +0200)]
SMB2-CREATE: be more strict in checking file attributes

metze

11 years agoSMB2-CREATE: be more strict in error checking
Stefan Metzmacher [Thu, 14 Aug 2008 07:54:22 +0000 (09:54 +0200)]
SMB2-CREATE: be more strict in error checking

metze

11 years agontvfs_generic: fix handling of create_options for SMB2
Stefan Metzmacher [Thu, 14 Aug 2008 07:52:45 +0000 (09:52 +0200)]
ntvfs_generic: fix handling of create_options for SMB2

metze

11 years agolibcli/smb2: add SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK
Stefan Metzmacher [Thu, 14 Aug 2008 10:48:37 +0000 (12:48 +0200)]
libcli/smb2: add SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK

SMB2 returns NOT_SUPPORTED to some more NTCREATE_OPTIONS.

metze

11 years agopvfs: fix handling of create_option flags
Stefan Metzmacher [Thu, 14 Aug 2008 10:37:31 +0000 (12:37 +0200)]
pvfs: fix handling of create_option flags

metze

11 years agolibcli/raw: fix the special NTCREATE_OPTIONS_*_MASK values
Stefan Metzmacher [Thu, 14 Aug 2008 10:44:25 +0000 (12:44 +0200)]
libcli/raw: fix the special NTCREATE_OPTIONS_*_MASK values

We now reuse ignored values for the ntvfs backend private flags.

metze

11 years agosmb2srv: async replies with STATUS_PENDING are not signed
Stefan Metzmacher [Wed, 13 Aug 2008 07:48:44 +0000 (09:48 +0200)]
smb2srv: async replies with STATUS_PENDING are not signed

..., but the they may have the sign flag set.

metze

11 years agosmb2srv: sign replies when the request was also signed
Stefan Metzmacher [Wed, 13 Aug 2008 13:20:18 +0000 (15:20 +0200)]
smb2srv: sign replies when the request was also signed

metze

11 years agosmb2srv: use defines instead of hex values
Stefan Metzmacher [Wed, 13 Aug 2008 07:45:44 +0000 (09:45 +0200)]
smb2srv: use defines instead of hex values

metze

11 years agolibcli/smb2: use smb2 signing in auto mode if the server supports it
Stefan Metzmacher [Wed, 13 Aug 2008 13:19:01 +0000 (15:19 +0200)]
libcli/smb2: use smb2 signing in auto mode if the server supports it

metze

11 years agolibcli/smb2: we don't need check the same thing twice...
Stefan Metzmacher [Wed, 13 Aug 2008 07:44:06 +0000 (09:44 +0200)]
libcli/smb2: we don't need check the same thing twice...

metze

11 years agolibcli/smb2: async replies with STATUS_PENDING are not signed
Stefan Metzmacher [Wed, 13 Aug 2008 07:42:27 +0000 (09:42 +0200)]
libcli/smb2: async replies with STATUS_PENDING are not signed

metze

11 years agopidl: fix samba4.pidl.samba3-cli test
Stefan Metzmacher [Wed, 13 Aug 2008 14:58:12 +0000 (16:58 +0200)]
pidl: fix samba4.pidl.samba3-cli test

metze

11 years agoNBT-WINSREPLICATION: be more robust to timing errors
Stefan Metzmacher [Wed, 13 Aug 2008 14:53:13 +0000 (16:53 +0200)]
NBT-WINSREPLICATION: be more robust to timing errors

Also reenable disabled tests.

metze

11 years agoexpanded the SMB2-CREATE and RAW-OPEN tests to explore more of how the
Andrew Tridgell [Thu, 14 Aug 2008 07:26:30 +0000 (17:26 +1000)]
expanded the SMB2-CREATE and RAW-OPEN tests to explore more of how the
create options fields are supposed to work

11 years agocope with arbitrary unknown pac buffer types, so when MS adds
Andrew Tridgell [Thu, 14 Aug 2008 05:27:48 +0000 (15:27 +1000)]
cope with arbitrary unknown pac buffer types, so when MS adds
a new one we don't break our server

11 years agocope with not knowing the kdc key
Andrew Tridgell [Thu, 14 Aug 2008 05:27:22 +0000 (15:27 +1000)]
cope with not knowing the kdc key

11 years agogensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO
Stefan Metzmacher [Tue, 12 Aug 2008 13:02:02 +0000 (15:02 +0200)]
gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO

metze

11 years agogensec_gssapi: fix compiler warnings
Stefan Metzmacher [Tue, 12 Aug 2008 12:57:14 +0000 (14:57 +0200)]
gensec_gssapi: fix compiler warnings

metze

11 years agogensec_gssapi: add a function to load the lucid structure once
Stefan Metzmacher [Tue, 12 Aug 2008 12:56:36 +0000 (14:56 +0200)]
gensec_gssapi: add a function to load the lucid structure once

metze

11 years agogensec: add support for new style spnego and correctly handle mechListMIC
Stefan Metzmacher [Tue, 12 Aug 2008 12:26:21 +0000 (14:26 +0200)]
gensec: add support for new style spnego and correctly handle mechListMIC

metze

11 years agodcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE
Stefan Metzmacher [Mon, 11 Aug 2008 16:14:51 +0000 (18:14 +0200)]
dcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE

metze

11 years agorpc_server: correct the chunk_size depending on the signature size
Stefan Metzmacher [Mon, 11 Aug 2008 16:12:54 +0000 (18:12 +0200)]
rpc_server: correct the chunk_size depending on the signature size

metze

11 years agolibrpc/rpc: correct the chunk_size depending on the signature size
Stefan Metzmacher [Mon, 11 Aug 2008 16:00:11 +0000 (18:00 +0200)]
librpc/rpc: correct the chunk_size depending on the signature size

metze

11 years agodcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH
Stefan Metzmacher [Mon, 11 Aug 2008 15:59:38 +0000 (17:59 +0200)]
dcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH

metze

11 years agogensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures
Stefan Metzmacher [Fri, 8 Aug 2008 10:39:11 +0000 (12:39 +0200)]
gensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures

metze

11 years agogsskrb5: try to be compatible with windows for gss_wrap* and cfx
Stefan Metzmacher [Fri, 8 Aug 2008 13:01:15 +0000 (15:01 +0200)]
gsskrb5: try to be compatible with windows for gss_wrap* and cfx

The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.

metze

11 years agogensec_gssapi: use gsskrb5_get_subkey() to get the session key
Stefan Metzmacher [Fri, 8 Aug 2008 13:27:40 +0000 (15:27 +0200)]
gensec_gssapi: use gsskrb5_get_subkey() to get the session key

This is needed to get the correct key, when aes keys are used.

metze

11 years agokrb5: always generate the acceptor subkey as the same enctype as the used service key
Stefan Metzmacher [Fri, 8 Aug 2008 13:22:39 +0000 (15:22 +0200)]
krb5: always generate the acceptor subkey as the same enctype as the used service key

With this patch samba4 can use gsskrb5_get_subkey() to get the session key.

metze

11 years agogsskrb5: add support for DCE_STYLE and des and des3 keys
Stefan Metzmacher [Fri, 25 Jul 2008 11:11:46 +0000 (13:11 +0200)]
gsskrb5: add support for DCE_STYLE and des and des3 keys

Only the des keys are tested as windows doesn't support des3

metze

11 years agoAlways set a session key, even for the 'no password' case.
Andrew Bartlett [Fri, 8 Aug 2008 04:05:16 +0000 (14:05 +1000)]
Always set a session key, even for the 'no password' case.

This is for bug 5664 reported by Tom <hto@arcor.de>.

Andrew Bartlett

11 years agoClarify comment
Andrew Bartlett [Fri, 8 Aug 2008 04:04:08 +0000 (14:04 +1000)]
Clarify comment

11 years agoWe can't use ndr_pull_struct_blob_all in combinatin with relative pointers
Andrew Bartlett [Fri, 8 Aug 2008 00:32:21 +0000 (10:32 +1000)]
We can't use ndr_pull_struct_blob_all in combinatin with relative pointers

11 years agolib: prepare the build of zlib
Stefan Metzmacher [Tue, 29 Jul 2008 20:06:18 +0000 (20:06 +0000)]
lib: prepare the build of zlib

metze

11 years agozlib: add inflateReset2()...
Stefan Metzmacher [Thu, 7 Aug 2008 16:20:11 +0000 (16:20 +0000)]
zlib: add inflateReset2()...

metze

11 years agoimport of zlib-1.2.3
Stefan Metzmacher [Tue, 29 Jul 2008 20:01:23 +0000 (20:01 +0000)]
import of zlib-1.2.3

We want to use zlib for the mszip ndr (de)compression
later, we'll need to add some new functions to zlib.

metze

11 years agodrsuapi: fix callers after idl change
Stefan Metzmacher [Thu, 7 Aug 2008 17:15:30 +0000 (19:15 +0200)]
drsuapi: fix callers after idl change

metze

11 years agodrsuapi.idl: directly use mszip in level 2
Stefan Metzmacher [Thu, 7 Aug 2008 16:15:26 +0000 (16:15 +0000)]
drsuapi.idl: directly use mszip in level 2

This fixes the push because the switch_level doesn't work
otherwise because the pointer is the same as for
the outer switch_level.

metze

11 years agorpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
Stefan Metzmacher [Wed, 6 Aug 2008 20:28:04 +0000 (22:28 +0200)]
rpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN

you need "dcesrv:header signing=yes" to enable it.

metze

11 years agolibrpc/rpc: add support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
Stefan Metzmacher [Wed, 6 Aug 2008 19:35:07 +0000 (21:35 +0200)]
librpc/rpc: add support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN

You can trigger it like this:

ncacn_ip_tcp:172.31.9.234[sign,hdrsign]

or

ncacn_ip_tcp:172.31.9.234[seal,hdrsign]

metze

11 years agolibrpc/rpc: pass struct dcerpc_pipe to dcerpc_auth3()
Stefan Metzmacher [Wed, 6 Aug 2008 19:34:00 +0000 (21:34 +0200)]
librpc/rpc: pass struct dcerpc_pipe to dcerpc_auth3()

metze

11 years agogensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADER
Stefan Metzmacher [Wed, 6 Aug 2008 19:30:17 +0000 (21:30 +0200)]
gensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADER

This only works for sign/verify_packet() yet,
seal/unseal_packet() doesn't work yet...

metze

11 years agogensec: add GENSEC_FEATURE_SIGN_PKT_HEADER flag
Stefan Metzmacher [Wed, 6 Aug 2008 19:26:20 +0000 (21:26 +0200)]
gensec: add GENSEC_FEATURE_SIGN_PKT_HEADER flag

metze

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
Jelmer Vernooij [Fri, 1 Aug 2008 19:36:49 +0000 (21:36 +0200)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage

11 years agoAdd helper object Hostconfig to make it easier to get to e.g. the
Jelmer Vernooij [Fri, 1 Aug 2008 19:12:37 +0000 (21:12 +0200)]
Add helper object Hostconfig to make it easier to get to e.g. the
SAM database.

11 years agoheimdal: add experimental --enable-external-heimdal
Stefan Metzmacher [Fri, 1 Aug 2008 16:15:11 +0000 (18:15 +0200)]
heimdal: add experimental --enable-external-heimdal

This should only be used for testing and when you're
absolutly sure the installed heimdal libraries
support the features we need.

(E.g. heimdal-1.2 or lower should NOT work)

metze

11 years agolibreplace: include <krb5.h> and <com_err.h> and no heimdal specific headers
Stefan Metzmacher [Fri, 1 Aug 2008 17:30:16 +0000 (19:30 +0200)]
libreplace: include <krb5.h> and <com_err.h> and no heimdal specific headers

metze

11 years agoauth/kerberos: remove dependencies to internal heimdal
Stefan Metzmacher [Fri, 1 Aug 2008 17:29:08 +0000 (19:29 +0200)]
auth/kerberos: remove dependencies to internal heimdal

metze

11 years agoheimdal_build/internal: add some useful defines
Stefan Metzmacher [Fri, 1 Aug 2008 17:24:09 +0000 (19:24 +0200)]
heimdal_build/internal: add some useful defines

metze

11 years agoheimdal: fix dependency
Stefan Metzmacher [Fri, 1 Aug 2008 18:27:38 +0000 (20:27 +0200)]
heimdal: fix dependency

metze

11 years agolib/crypto: remove dependency to internal heimdal
Stefan Metzmacher [Fri, 1 Aug 2008 17:23:29 +0000 (19:23 +0200)]
lib/crypto: remove dependency to internal heimdal

metze

11 years agobuild: remove warning about missing generated include file
Stefan Metzmacher [Fri, 1 Aug 2008 18:15:52 +0000 (20:15 +0200)]
build: remove warning about missing generated include file

metze

11 years agoUse new style python classes.
Jelmer Vernooij [Fri, 1 Aug 2008 19:00:09 +0000 (21:00 +0200)]
Use new style python classes.

11 years agoMove domain DN determination out of newuser function.
Jelmer Vernooij [Fri, 1 Aug 2008 18:47:22 +0000 (20:47 +0200)]
Move domain DN determination out of newuser function.

11 years agoActually fix missing substitution variables.
Jelmer Vernooij [Fri, 1 Aug 2008 18:47:03 +0000 (20:47 +0200)]
Actually fix missing substitution variables.

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
Jelmer Vernooij [Fri, 1 Aug 2008 18:17:56 +0000 (20:17 +0200)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage

11 years agoFix some forgotten substitute variables in provision, add check to prevent this sort...
Jelmer Vernooij [Fri, 1 Aug 2008 18:17:29 +0000 (20:17 +0200)]
Fix some forgotten substitute variables in provision, add check to prevent this sort of regression in the future.

11 years agokdc: use mostly only public kerberos headers
Stefan Metzmacher [Fri, 1 Aug 2008 15:24:24 +0000 (17:24 +0200)]
kdc: use mostly only public kerberos headers

We shoule avoid using the private heimdal function
_krb5_principalname2krb5_principal()

metze

11 years agoauth/kerberos: we don't need to include heimdal private headers
Stefan Metzmacher [Fri, 1 Aug 2008 14:59:40 +0000 (16:59 +0200)]
auth/kerberos: we don't need to include heimdal private headers

metze

11 years agogensec_gssapi: include <gssapi/gssapi.h>
Stefan Metzmacher [Fri, 1 Aug 2008 14:58:01 +0000 (16:58 +0200)]
gensec_gssapi: include <gssapi/gssapi.h>

metze

11 years agoheimdal_build: we should only use PRIVATE_DEPENDENCIES
Stefan Metzmacher [Fri, 1 Aug 2008 14:57:00 +0000 (16:57 +0200)]
heimdal_build: we should only use PRIVATE_DEPENDENCIES

metze

11 years agobuild: autogenerate heimdal basics
Stefan Metzmacher [Fri, 1 Aug 2008 14:53:52 +0000 (16:53 +0200)]
build: autogenerate heimdal basics

metze

11 years agobuild: autogenarate VPATH by configure
Stefan Metzmacher [Fri, 1 Aug 2008 14:52:12 +0000 (16:52 +0200)]
build: autogenarate VPATH by configure

metze

11 years agoheimdal: add missing files
Stefan Metzmacher [Fri, 1 Aug 2008 15:49:07 +0000 (17:49 +0200)]
heimdal: add missing files

metze

11 years agoauth_server: set the workstation name
Stefan Metzmacher [Fri, 1 Aug 2008 15:22:54 +0000 (17:22 +0200)]
auth_server: set the workstation name

metze

11 years agoheimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.c
Stefan Metzmacher [Fri, 1 Aug 2008 15:21:57 +0000 (17:21 +0200)]
heimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.c

metze

11 years agobuild with the new heimdal version
Stefan Metzmacher [Fri, 1 Aug 2008 09:17:48 +0000 (11:17 +0200)]
build with the new heimdal version

11 years agoheimdal: update to lorikeet-heimdal rev 801
Stefan Metzmacher [Fri, 1 Aug 2008 05:08:51 +0000 (07:08 +0200)]
heimdal: update to lorikeet-heimdal rev 801

metze

11 years agobuild: allow flex-2.34 together with bison-2.3
Stefan Metzmacher [Fri, 1 Aug 2008 09:16:14 +0000 (11:16 +0200)]
build: allow flex-2.34 together with bison-2.3

metze

11 years agoauth/ntlmssp: don't crash when the backend give no challenge
Stefan Metzmacher [Fri, 1 Aug 2008 14:10:06 +0000 (16:10 +0200)]
auth/ntlmssp: don't crash when the backend give no challenge

metze

11 years agoauth_server: fix the logic of server_get_challenge()
Stefan Metzmacher [Fri, 1 Aug 2008 13:53:01 +0000 (15:53 +0200)]
auth_server: fix the logic of server_get_challenge()

metze

11 years agoauth_server: fix segfault reported by Julien Kerihuel <j.kerihuel@openchange.org>
Stefan Metzmacher [Fri, 1 Aug 2008 13:19:27 +0000 (15:19 +0200)]
auth_server: fix segfault reported by Julien Kerihuel <j.kerihuel@openchange.org>

metze

11 years agoRevert "Start implementind domain trusts in our KDC."
Stefan Metzmacher [Fri, 1 Aug 2008 07:20:46 +0000 (09:20 +0200)]
Revert "Start implementind domain trusts in our KDC."

This reverts commit 736ce50afd9da9b5fbc3db777fd5341dfa4b721a.

This breaks the build...

metze

11 years agoUpdate to a working trustAuthIncoming and trustAuthOutgoing parser.
Andrew Bartlett [Thu, 31 Jul 2008 13:17:20 +0000 (23:17 +1000)]
Update to a working trustAuthIncoming and trustAuthOutgoing parser.

This is based on the docs, as well as testing against a domain trust
in windows.

Clearly it needs to be more general - perhaps a non IDL parser?

Andrew Bartlett

11 years agoPrint trustAuthOutgoing and trustAuthIncoming in RPC-DSSYNC
Andrew Bartlett [Thu, 31 Jul 2008 11:23:48 +0000 (21:23 +1000)]
Print trustAuthOutgoing and trustAuthIncoming in RPC-DSSYNC

11 years agoUse the cldap reply to avoid segfaulting in RPC-DSSYNC
Andrew Bartlett [Thu, 31 Jul 2008 00:51:59 +0000 (10:51 +1000)]
Use the cldap reply to avoid segfaulting in RPC-DSSYNC

Also don't fail the test if the server does not implement the NT4
changelog.

Andrew Bartlett

11 years agoDon't fail if the domain has a trust already.
Andrew Bartlett [Wed, 30 Jul 2008 23:07:57 +0000 (09:07 +1000)]
Don't fail if the domain has a trust already.

Andrew Bartlett

11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Wed, 30 Jul 2008 21:48:16 +0000 (07:48 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local

11 years agoStart implementind domain trusts in our KDC.
Andrew Bartlett [Wed, 30 Jul 2008 21:47:01 +0000 (07:47 +1000)]
Start implementind domain trusts in our KDC.

Andrew Bartlett

11 years agoUpdate trustAuthInOutBlob in line with MS-ADTS 7.1.6.8.1
Andrew Bartlett [Wed, 30 Jul 2008 21:45:30 +0000 (07:45 +1000)]
Update trustAuthInOutBlob in line with MS-ADTS 7.1.6.8.1

11 years agoBe more pythonic.
Jelmer Vernooij [Wed, 30 Jul 2008 11:29:29 +0000 (13:29 +0200)]
Be more pythonic.

11 years agoRevert "gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys...
Stefan Metzmacher [Mon, 28 Jul 2008 15:59:17 +0000 (17:59 +0200)]
Revert "gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work"

This reverts commit 73964f069056f46f2f27fc690e42e5c91ae1fe19.

This breaks more than it gains:-( It seems to break the ncacn_np session key

metze

11 years agorpc_server: remove unused variable
Stefan Metzmacher [Mon, 28 Jul 2008 14:40:21 +0000 (16:40 +0200)]
rpc_server: remove unused variable

metze

11 years agogensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work
Stefan Metzmacher [Mon, 28 Jul 2008 14:11:30 +0000 (16:11 +0200)]
gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work

SMB signing with aes doesn't work, but still works with
arcfour-hmac-md5, des-cbc-md5 and des-cbc-crc.

metze

11 years agolibcli/smb2: the session key for SMB2 signing is truncated to 16 bytes
Stefan Metzmacher [Mon, 28 Jul 2008 13:49:46 +0000 (15:49 +0200)]
libcli/smb2: the session key for SMB2 signing is truncated to 16 bytes

To make that work (as a client) with aes128 and aes256 krb5 keys
we need to use gsskrb5_get_subkey().

metze

11 years agosmb2srv: sign SMB2 Logoff replies
Stefan Metzmacher [Mon, 9 Jun 2008 19:57:05 +0000 (21:57 +0200)]
smb2srv: sign SMB2 Logoff replies

metze

11 years agosmb2srv: correctly hold the signing state per session
Stefan Metzmacher [Mon, 9 Jun 2008 19:45:19 +0000 (21:45 +0200)]
smb2srv: correctly hold the signing state per session

metze

11 years agolibcli/smb2: fix per session signing state
Stefan Metzmacher [Mon, 9 Jun 2008 19:57:41 +0000 (21:57 +0200)]
libcli/smb2: fix per session signing state

metze