tprouty/samba.git
11 years agoGenerate Multi-Master Replication configuration for OpenLDAP
Oliver Liebel [Tue, 19 Aug 2008 02:03:04 +0000 (12:03 +1000)]
Generate Multi-Master Replication configuration for OpenLDAP

This patches provision-backend and the related scripts to generate the
correct configuration blobs for N-way multi-master replication using
OpenLDAP.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
11 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet
Andrew Bartlett [Fri, 15 Aug 2008 10:41:50 +0000 (20:41 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-abartlet

11 years agoGenerate the subSchema in cn=Aggregate
Andrew Bartlett [Fri, 15 Aug 2008 10:40:57 +0000 (20:40 +1000)]
Generate the subSchema in cn=Aggregate

This reads the schema from the in-memory structure, when the magic
attributes are requested.  The code is a modified version of that used
in the ad2oLschema tool (now shared).

The schema_fsmo module handles the insertion of the generated result.

As such, this commit also removes these entries from the setup/schema.ldif

Metze's previous stub of this functionality is also removed.

Andrew Bartlett

11 years agoRework generation of the objectClass and attributeType lines.
Andrew Bartlett [Fri, 15 Aug 2008 03:18:48 +0000 (13:18 +1000)]
Rework generation of the objectClass and attributeType lines.

Now that these are subroutines, we can factor them out into a file the
CN=Aggregate schema code can also use.

Andrew Bartlett

11 years agoParamaterise the seperator in ad2OLschema
Andrew Bartlett [Fri, 15 Aug 2008 02:08:10 +0000 (12:08 +1000)]
Paramaterise the seperator in ad2OLschema

This will allow me to add a new mode, with the CN=Aggregate schema
format automatically generated.

Andrew Bartlett

11 years agoDon't segfault in RPC-ATSVC.
Andrew Bartlett [Thu, 14 Aug 2008 23:46:51 +0000 (09:46 +1000)]
Don't segfault in RPC-ATSVC.

11 years agoRAW-OPEN: be more strict in create_option checking
Stefan Metzmacher [Thu, 14 Aug 2008 13:14:53 +0000 (15:14 +0200)]
RAW-OPEN: be more strict in create_option checking

metze

11 years agoRevert "krb5: always generate the acceptor subkey as the same enctype as the used...
Stefan Metzmacher [Wed, 13 Aug 2008 05:22:36 +0000 (07:22 +0200)]
Revert "krb5: always generate the acceptor subkey as the same enctype as the used service key"

This reverts commit dbb94133e0313cae933d261af0bf1210807a6d11.

As we fixed gensec_gssapi to only return a session key when it's
have the correct session key, this hack isn't needed anymore.

metze

11 years agogsskrb5: always return an acceptor subkey
Stefan Metzmacher [Wed, 13 Aug 2008 07:52:20 +0000 (09:52 +0200)]
gsskrb5: always return an acceptor subkey

For non cfx keys it's the same as the intiator subkey.
This matches windows behavior.

metze

11 years agogensec_gssapi: only cache the session key in STAGE_DONE
Stefan Metzmacher [Wed, 13 Aug 2008 05:18:35 +0000 (07:18 +0200)]
gensec_gssapi: only cache the session key in STAGE_DONE

The key may change because we switch from initiator to acceptor
subkey.

metze

11 years agoSMB2-CREATE: add a special test for FILE_ATTRIBUTE_ENCRYPTED
Stefan Metzmacher [Thu, 14 Aug 2008 11:12:07 +0000 (13:12 +0200)]
SMB2-CREATE: add a special test for FILE_ATTRIBUTE_ENCRYPTED

Some standalone server (and samba4) doesn't support this.

metze

11 years agoSMB2-CREATE: be more strict in checking file attributes
Stefan Metzmacher [Thu, 14 Aug 2008 07:54:51 +0000 (09:54 +0200)]
SMB2-CREATE: be more strict in checking file attributes

metze

11 years agoSMB2-CREATE: be more strict in error checking
Stefan Metzmacher [Thu, 14 Aug 2008 07:54:22 +0000 (09:54 +0200)]
SMB2-CREATE: be more strict in error checking

metze

11 years agontvfs_generic: fix handling of create_options for SMB2
Stefan Metzmacher [Thu, 14 Aug 2008 07:52:45 +0000 (09:52 +0200)]
ntvfs_generic: fix handling of create_options for SMB2

metze

11 years agolibcli/smb2: add SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK
Stefan Metzmacher [Thu, 14 Aug 2008 10:48:37 +0000 (12:48 +0200)]
libcli/smb2: add SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK

SMB2 returns NOT_SUPPORTED to some more NTCREATE_OPTIONS.

metze

11 years agopvfs: fix handling of create_option flags
Stefan Metzmacher [Thu, 14 Aug 2008 10:37:31 +0000 (12:37 +0200)]
pvfs: fix handling of create_option flags

metze

11 years agolibcli/raw: fix the special NTCREATE_OPTIONS_*_MASK values
Stefan Metzmacher [Thu, 14 Aug 2008 10:44:25 +0000 (12:44 +0200)]
libcli/raw: fix the special NTCREATE_OPTIONS_*_MASK values

We now reuse ignored values for the ntvfs backend private flags.

metze

11 years agosmb2srv: async replies with STATUS_PENDING are not signed
Stefan Metzmacher [Wed, 13 Aug 2008 07:48:44 +0000 (09:48 +0200)]
smb2srv: async replies with STATUS_PENDING are not signed

..., but the they may have the sign flag set.

metze

11 years agosmb2srv: sign replies when the request was also signed
Stefan Metzmacher [Wed, 13 Aug 2008 13:20:18 +0000 (15:20 +0200)]
smb2srv: sign replies when the request was also signed

metze

11 years agosmb2srv: use defines instead of hex values
Stefan Metzmacher [Wed, 13 Aug 2008 07:45:44 +0000 (09:45 +0200)]
smb2srv: use defines instead of hex values

metze

11 years agolibcli/smb2: use smb2 signing in auto mode if the server supports it
Stefan Metzmacher [Wed, 13 Aug 2008 13:19:01 +0000 (15:19 +0200)]
libcli/smb2: use smb2 signing in auto mode if the server supports it

metze

11 years agolibcli/smb2: we don't need check the same thing twice...
Stefan Metzmacher [Wed, 13 Aug 2008 07:44:06 +0000 (09:44 +0200)]
libcli/smb2: we don't need check the same thing twice...

metze

11 years agolibcli/smb2: async replies with STATUS_PENDING are not signed
Stefan Metzmacher [Wed, 13 Aug 2008 07:42:27 +0000 (09:42 +0200)]
libcli/smb2: async replies with STATUS_PENDING are not signed

metze

11 years agopidl: fix samba4.pidl.samba3-cli test
Stefan Metzmacher [Wed, 13 Aug 2008 14:58:12 +0000 (16:58 +0200)]
pidl: fix samba4.pidl.samba3-cli test

metze

11 years agoNBT-WINSREPLICATION: be more robust to timing errors
Stefan Metzmacher [Wed, 13 Aug 2008 14:53:13 +0000 (16:53 +0200)]
NBT-WINSREPLICATION: be more robust to timing errors

Also reenable disabled tests.

metze

11 years agoexpanded the SMB2-CREATE and RAW-OPEN tests to explore more of how the
Andrew Tridgell [Thu, 14 Aug 2008 07:26:30 +0000 (17:26 +1000)]
expanded the SMB2-CREATE and RAW-OPEN tests to explore more of how the
create options fields are supposed to work

11 years agocope with arbitrary unknown pac buffer types, so when MS adds
Andrew Tridgell [Thu, 14 Aug 2008 05:27:48 +0000 (15:27 +1000)]
cope with arbitrary unknown pac buffer types, so when MS adds
a new one we don't break our server

11 years agocope with not knowing the kdc key
Andrew Tridgell [Thu, 14 Aug 2008 05:27:22 +0000 (15:27 +1000)]
cope with not knowing the kdc key

11 years agogensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO
Stefan Metzmacher [Tue, 12 Aug 2008 13:02:02 +0000 (15:02 +0200)]
gensec_gssapi: add support for GENSEC_FEATURE_NEW_SPNEGO

metze

11 years agogensec_gssapi: fix compiler warnings
Stefan Metzmacher [Tue, 12 Aug 2008 12:57:14 +0000 (14:57 +0200)]
gensec_gssapi: fix compiler warnings

metze

11 years agogensec_gssapi: add a function to load the lucid structure once
Stefan Metzmacher [Tue, 12 Aug 2008 12:56:36 +0000 (14:56 +0200)]
gensec_gssapi: add a function to load the lucid structure once

metze

11 years agogensec: add support for new style spnego and correctly handle mechListMIC
Stefan Metzmacher [Tue, 12 Aug 2008 12:26:21 +0000 (14:26 +0200)]
gensec: add support for new style spnego and correctly handle mechListMIC

metze

12 years agodcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE
Stefan Metzmacher [Mon, 11 Aug 2008 16:14:51 +0000 (18:14 +0200)]
dcerpc.idl: remove used DCERPC_MAX_SIGN_SIZE

metze

12 years agorpc_server: correct the chunk_size depending on the signature size
Stefan Metzmacher [Mon, 11 Aug 2008 16:12:54 +0000 (18:12 +0200)]
rpc_server: correct the chunk_size depending on the signature size

metze

12 years agolibrpc/rpc: correct the chunk_size depending on the signature size
Stefan Metzmacher [Mon, 11 Aug 2008 16:00:11 +0000 (18:00 +0200)]
librpc/rpc: correct the chunk_size depending on the signature size

metze

12 years agodcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH
Stefan Metzmacher [Mon, 11 Aug 2008 15:59:38 +0000 (17:59 +0200)]
dcerpc.idl: add DCERPC_AUTH_TRAILER_LENGTH

metze

12 years agogensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures
Stefan Metzmacher [Fri, 8 Aug 2008 10:39:11 +0000 (12:39 +0200)]
gensec_gssapi: use the correct signature size for cfx/rfc4121 style signatures

metze

12 years agogsskrb5: try to be compatible with windows for gss_wrap* and cfx
Stefan Metzmacher [Fri, 8 Aug 2008 13:01:15 +0000 (15:01 +0200)]
gsskrb5: try to be compatible with windows for gss_wrap* and cfx

The good thing is that windows and heimdal both use EC=0
in the non DCE_STYLE case, so we need the windows compat hack
only in DCE_STYLE mode.

metze

12 years agogensec_gssapi: use gsskrb5_get_subkey() to get the session key
Stefan Metzmacher [Fri, 8 Aug 2008 13:27:40 +0000 (15:27 +0200)]
gensec_gssapi: use gsskrb5_get_subkey() to get the session key

This is needed to get the correct key, when aes keys are used.

metze

12 years agokrb5: always generate the acceptor subkey as the same enctype as the used service key
Stefan Metzmacher [Fri, 8 Aug 2008 13:22:39 +0000 (15:22 +0200)]
krb5: always generate the acceptor subkey as the same enctype as the used service key

With this patch samba4 can use gsskrb5_get_subkey() to get the session key.

metze

12 years agogsskrb5: add support for DCE_STYLE and des and des3 keys
Stefan Metzmacher [Fri, 25 Jul 2008 11:11:46 +0000 (13:11 +0200)]
gsskrb5: add support for DCE_STYLE and des and des3 keys

Only the des keys are tested as windows doesn't support des3

metze

12 years agoAlways set a session key, even for the 'no password' case.
Andrew Bartlett [Fri, 8 Aug 2008 04:05:16 +0000 (14:05 +1000)]
Always set a session key, even for the 'no password' case.

This is for bug 5664 reported by Tom <hto@arcor.de>.

Andrew Bartlett

12 years agoClarify comment
Andrew Bartlett [Fri, 8 Aug 2008 04:04:08 +0000 (14:04 +1000)]
Clarify comment

12 years agoWe can't use ndr_pull_struct_blob_all in combinatin with relative pointers
Andrew Bartlett [Fri, 8 Aug 2008 00:32:21 +0000 (10:32 +1000)]
We can't use ndr_pull_struct_blob_all in combinatin with relative pointers

12 years agolib: prepare the build of zlib
Stefan Metzmacher [Tue, 29 Jul 2008 20:06:18 +0000 (20:06 +0000)]
lib: prepare the build of zlib

metze

12 years agozlib: add inflateReset2()...
Stefan Metzmacher [Thu, 7 Aug 2008 16:20:11 +0000 (16:20 +0000)]
zlib: add inflateReset2()...

metze

12 years agoimport of zlib-1.2.3
Stefan Metzmacher [Tue, 29 Jul 2008 20:01:23 +0000 (20:01 +0000)]
import of zlib-1.2.3

We want to use zlib for the mszip ndr (de)compression
later, we'll need to add some new functions to zlib.

metze

12 years agodrsuapi: fix callers after idl change
Stefan Metzmacher [Thu, 7 Aug 2008 17:15:30 +0000 (19:15 +0200)]
drsuapi: fix callers after idl change

metze

12 years agodrsuapi.idl: directly use mszip in level 2
Stefan Metzmacher [Thu, 7 Aug 2008 16:15:26 +0000 (16:15 +0000)]
drsuapi.idl: directly use mszip in level 2

This fixes the push because the switch_level doesn't work
otherwise because the pointer is the same as for
the outer switch_level.

metze

12 years agorpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
Stefan Metzmacher [Wed, 6 Aug 2008 20:28:04 +0000 (22:28 +0200)]
rpc_server: add support for DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN

you need "dcesrv:header signing=yes" to enable it.

metze

12 years agolibrpc/rpc: add support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN
Stefan Metzmacher [Wed, 6 Aug 2008 19:35:07 +0000 (21:35 +0200)]
librpc/rpc: add support DCERPC_PFC_FLAG_SUPPORT_HEADER_SIGN

You can trigger it like this:

ncacn_ip_tcp:172.31.9.234[sign,hdrsign]

or

ncacn_ip_tcp:172.31.9.234[seal,hdrsign]

metze

12 years agolibrpc/rpc: pass struct dcerpc_pipe to dcerpc_auth3()
Stefan Metzmacher [Wed, 6 Aug 2008 19:34:00 +0000 (21:34 +0200)]
librpc/rpc: pass struct dcerpc_pipe to dcerpc_auth3()

metze

12 years agogensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADER
Stefan Metzmacher [Wed, 6 Aug 2008 19:30:17 +0000 (21:30 +0200)]
gensec_gssapi: add support for GENSEC_FEATURE_SIGN_PKT_HEADER

This only works for sign/verify_packet() yet,
seal/unseal_packet() doesn't work yet...

metze

12 years agogensec: add GENSEC_FEATURE_SIGN_PKT_HEADER flag
Stefan Metzmacher [Wed, 6 Aug 2008 19:26:20 +0000 (21:26 +0200)]
gensec: add GENSEC_FEATURE_SIGN_PKT_HEADER flag

metze

12 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
Jelmer Vernooij [Fri, 1 Aug 2008 19:36:49 +0000 (21:36 +0200)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage

12 years agoAdd helper object Hostconfig to make it easier to get to e.g. the
Jelmer Vernooij [Fri, 1 Aug 2008 19:12:37 +0000 (21:12 +0200)]
Add helper object Hostconfig to make it easier to get to e.g. the
SAM database.

12 years agoheimdal: add experimental --enable-external-heimdal
Stefan Metzmacher [Fri, 1 Aug 2008 16:15:11 +0000 (18:15 +0200)]
heimdal: add experimental --enable-external-heimdal

This should only be used for testing and when you're
absolutly sure the installed heimdal libraries
support the features we need.

(E.g. heimdal-1.2 or lower should NOT work)

metze

12 years agolibreplace: include <krb5.h> and <com_err.h> and no heimdal specific headers
Stefan Metzmacher [Fri, 1 Aug 2008 17:30:16 +0000 (19:30 +0200)]
libreplace: include <krb5.h> and <com_err.h> and no heimdal specific headers

metze

12 years agoauth/kerberos: remove dependencies to internal heimdal
Stefan Metzmacher [Fri, 1 Aug 2008 17:29:08 +0000 (19:29 +0200)]
auth/kerberos: remove dependencies to internal heimdal

metze

12 years agoheimdal_build/internal: add some useful defines
Stefan Metzmacher [Fri, 1 Aug 2008 17:24:09 +0000 (19:24 +0200)]
heimdal_build/internal: add some useful defines

metze

12 years agoheimdal: fix dependency
Stefan Metzmacher [Fri, 1 Aug 2008 18:27:38 +0000 (20:27 +0200)]
heimdal: fix dependency

metze

12 years agolib/crypto: remove dependency to internal heimdal
Stefan Metzmacher [Fri, 1 Aug 2008 17:23:29 +0000 (19:23 +0200)]
lib/crypto: remove dependency to internal heimdal

metze

12 years agobuild: remove warning about missing generated include file
Stefan Metzmacher [Fri, 1 Aug 2008 18:15:52 +0000 (20:15 +0200)]
build: remove warning about missing generated include file

metze

12 years agoUse new style python classes.
Jelmer Vernooij [Fri, 1 Aug 2008 19:00:09 +0000 (21:00 +0200)]
Use new style python classes.

12 years agoMove domain DN determination out of newuser function.
Jelmer Vernooij [Fri, 1 Aug 2008 18:47:22 +0000 (20:47 +0200)]
Move domain DN determination out of newuser function.

12 years agoActually fix missing substitution variables.
Jelmer Vernooij [Fri, 1 Aug 2008 18:47:03 +0000 (20:47 +0200)]
Actually fix missing substitution variables.

12 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage
Jelmer Vernooij [Fri, 1 Aug 2008 18:17:56 +0000 (20:17 +0200)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into manpage

12 years agoFix some forgotten substitute variables in provision, add check to prevent this sort...
Jelmer Vernooij [Fri, 1 Aug 2008 18:17:29 +0000 (20:17 +0200)]
Fix some forgotten substitute variables in provision, add check to prevent this sort of regression in the future.

12 years agokdc: use mostly only public kerberos headers
Stefan Metzmacher [Fri, 1 Aug 2008 15:24:24 +0000 (17:24 +0200)]
kdc: use mostly only public kerberos headers

We shoule avoid using the private heimdal function
_krb5_principalname2krb5_principal()

metze

12 years agoauth/kerberos: we don't need to include heimdal private headers
Stefan Metzmacher [Fri, 1 Aug 2008 14:59:40 +0000 (16:59 +0200)]
auth/kerberos: we don't need to include heimdal private headers

metze

12 years agogensec_gssapi: include <gssapi/gssapi.h>
Stefan Metzmacher [Fri, 1 Aug 2008 14:58:01 +0000 (16:58 +0200)]
gensec_gssapi: include <gssapi/gssapi.h>

metze

12 years agoheimdal_build: we should only use PRIVATE_DEPENDENCIES
Stefan Metzmacher [Fri, 1 Aug 2008 14:57:00 +0000 (16:57 +0200)]
heimdal_build: we should only use PRIVATE_DEPENDENCIES

metze

12 years agobuild: autogenerate heimdal basics
Stefan Metzmacher [Fri, 1 Aug 2008 14:53:52 +0000 (16:53 +0200)]
build: autogenerate heimdal basics

metze

12 years agobuild: autogenarate VPATH by configure
Stefan Metzmacher [Fri, 1 Aug 2008 14:52:12 +0000 (16:52 +0200)]
build: autogenarate VPATH by configure

metze

12 years agoheimdal: add missing files
Stefan Metzmacher [Fri, 1 Aug 2008 15:49:07 +0000 (17:49 +0200)]
heimdal: add missing files

metze

12 years agoauth_server: set the workstation name
Stefan Metzmacher [Fri, 1 Aug 2008 15:22:54 +0000 (17:22 +0200)]
auth_server: set the workstation name

metze

12 years agoheimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.c
Stefan Metzmacher [Fri, 1 Aug 2008 15:21:57 +0000 (17:21 +0200)]
heimdal: add missing file heimdal/lib/gssapi/mech/gss_pseudo_random.c

metze

12 years agobuild with the new heimdal version
Stefan Metzmacher [Fri, 1 Aug 2008 09:17:48 +0000 (11:17 +0200)]
build with the new heimdal version

12 years agoheimdal: update to lorikeet-heimdal rev 801
Stefan Metzmacher [Fri, 1 Aug 2008 05:08:51 +0000 (07:08 +0200)]
heimdal: update to lorikeet-heimdal rev 801

metze

12 years agobuild: allow flex-2.34 together with bison-2.3
Stefan Metzmacher [Fri, 1 Aug 2008 09:16:14 +0000 (11:16 +0200)]
build: allow flex-2.34 together with bison-2.3

metze

12 years agoauth/ntlmssp: don't crash when the backend give no challenge
Stefan Metzmacher [Fri, 1 Aug 2008 14:10:06 +0000 (16:10 +0200)]
auth/ntlmssp: don't crash when the backend give no challenge

metze

12 years agoauth_server: fix the logic of server_get_challenge()
Stefan Metzmacher [Fri, 1 Aug 2008 13:53:01 +0000 (15:53 +0200)]
auth_server: fix the logic of server_get_challenge()

metze

12 years agoauth_server: fix segfault reported by Julien Kerihuel <j.kerihuel@openchange.org>
Stefan Metzmacher [Fri, 1 Aug 2008 13:19:27 +0000 (15:19 +0200)]
auth_server: fix segfault reported by Julien Kerihuel <j.kerihuel@openchange.org>

metze

12 years agoRevert "Start implementind domain trusts in our KDC."
Stefan Metzmacher [Fri, 1 Aug 2008 07:20:46 +0000 (09:20 +0200)]
Revert "Start implementind domain trusts in our KDC."

This reverts commit 736ce50afd9da9b5fbc3db777fd5341dfa4b721a.

This breaks the build...

metze

12 years agoUpdate to a working trustAuthIncoming and trustAuthOutgoing parser.
Andrew Bartlett [Thu, 31 Jul 2008 13:17:20 +0000 (23:17 +1000)]
Update to a working trustAuthIncoming and trustAuthOutgoing parser.

This is based on the docs, as well as testing against a domain trust
in windows.

Clearly it needs to be more general - perhaps a non IDL parser?

Andrew Bartlett

12 years agoPrint trustAuthOutgoing and trustAuthIncoming in RPC-DSSYNC
Andrew Bartlett [Thu, 31 Jul 2008 11:23:48 +0000 (21:23 +1000)]
Print trustAuthOutgoing and trustAuthIncoming in RPC-DSSYNC

12 years agoUse the cldap reply to avoid segfaulting in RPC-DSSYNC
Andrew Bartlett [Thu, 31 Jul 2008 00:51:59 +0000 (10:51 +1000)]
Use the cldap reply to avoid segfaulting in RPC-DSSYNC

Also don't fail the test if the server does not implement the NT4
changelog.

Andrew Bartlett

12 years agoDon't fail if the domain has a trust already.
Andrew Bartlett [Wed, 30 Jul 2008 23:07:57 +0000 (09:07 +1000)]
Don't fail if the domain has a trust already.

Andrew Bartlett

12 years agoMerge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
Andrew Bartlett [Wed, 30 Jul 2008 21:48:16 +0000 (07:48 +1000)]
Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local

12 years agoStart implementind domain trusts in our KDC.
Andrew Bartlett [Wed, 30 Jul 2008 21:47:01 +0000 (07:47 +1000)]
Start implementind domain trusts in our KDC.

Andrew Bartlett

12 years agoUpdate trustAuthInOutBlob in line with MS-ADTS 7.1.6.8.1
Andrew Bartlett [Wed, 30 Jul 2008 21:45:30 +0000 (07:45 +1000)]
Update trustAuthInOutBlob in line with MS-ADTS 7.1.6.8.1

12 years agoBe more pythonic.
Jelmer Vernooij [Wed, 30 Jul 2008 11:29:29 +0000 (13:29 +0200)]
Be more pythonic.

12 years agoRevert "gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys...
Stefan Metzmacher [Mon, 28 Jul 2008 15:59:17 +0000 (17:59 +0200)]
Revert "gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work"

This reverts commit 73964f069056f46f2f27fc690e42e5c91ae1fe19.

This breaks more than it gains:-( It seems to break the ncacn_np session key

metze

12 years agorpc_server: remove unused variable
Stefan Metzmacher [Mon, 28 Jul 2008 14:40:21 +0000 (16:40 +0200)]
rpc_server: remove unused variable

metze

12 years agogensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work
Stefan Metzmacher [Mon, 28 Jul 2008 14:11:30 +0000 (16:11 +0200)]
gensec_gssapi: use gsskrb5_get_subkey() to make smb2 signing with aes keys work

SMB signing with aes doesn't work, but still works with
arcfour-hmac-md5, des-cbc-md5 and des-cbc-crc.

metze

12 years agolibcli/smb2: the session key for SMB2 signing is truncated to 16 bytes
Stefan Metzmacher [Mon, 28 Jul 2008 13:49:46 +0000 (15:49 +0200)]
libcli/smb2: the session key for SMB2 signing is truncated to 16 bytes

To make that work (as a client) with aes128 and aes256 krb5 keys
we need to use gsskrb5_get_subkey().

metze

12 years agosmb2srv: sign SMB2 Logoff replies
Stefan Metzmacher [Mon, 9 Jun 2008 19:57:05 +0000 (21:57 +0200)]
smb2srv: sign SMB2 Logoff replies

metze

12 years agosmb2srv: correctly hold the signing state per session
Stefan Metzmacher [Mon, 9 Jun 2008 19:45:19 +0000 (21:45 +0200)]
smb2srv: correctly hold the signing state per session

metze

12 years agolibcli/smb2: fix per session signing state
Stefan Metzmacher [Mon, 9 Jun 2008 19:57:41 +0000 (21:57 +0200)]
libcli/smb2: fix per session signing state

metze

12 years agoSMB2-CONNECT: remove reference to req->session before calling smb2_logoff_recv()...
Stefan Metzmacher [Mon, 9 Jun 2008 19:41:55 +0000 (21:41 +0200)]
SMB2-CONNECT: remove reference to req->session before calling smb2_logoff_recv() on the invalid session

metze