summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* s4:provision: set the correct nTSecurityDescriptor on CN=Users,... (bug #9481)Stefan Metzmacher2012-12-113-1/+19
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on CN=Computers,... (bug ↵Stefan Metzmacher2012-12-113-1/+20
| | | | | | | #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on CN=Builtin,... (bug #9481)Stefan Metzmacher2012-12-113-0/+61
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on CN=Infrastructure,... ↵Stefan Metzmacher2012-12-113-2/+15
| | | | | | | (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on ↵Stefan Metzmacher2012-12-113-0/+19
| | | | | | | CN=Sites,CN=Configuration... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:provision: set the correct nTSecurityDescriptor on ↵Stefan Metzmacher2012-12-113-0/+21
| | | | | | | CN=Partitions,CN=Configuration... (bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/descriptor: pass object_list to create_security_descriptor()Stefan Metzmacher2012-12-111-2/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/security: calculate the correct inherited_object GUIDStefan Metzmacher2012-12-111-1/+7
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/security: implement object_in_list()Stefan Metzmacher2012-12-111-2/+23
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:auth: fix function header comment for user_sid_in_group_sid()Michael Adam2012-12-111-1/+1
| | | | | | | | | | | This is embarrassing: the commit 0770a4c01bef26ec51321cd5b97aea4eab9e00a8 which intended to fix an earlier copy'n'paste error, contained another typo, fixed with this commit... Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Dec 11 00:04:45 CET 2012 on sn-devel-104
* pidl: change strange spelling __donnot_use_enum_* to __do_not_use_enum_*Michael Adam2012-12-101-1/+1
| | | | Signed-off-by: Michael Adam <obnox@samba.org>
* s3:auth: fix create_token_from_sid() to not fail in the winbindd caseMichael Adam2012-12-101-2/+10
| | | | | | | | | | | | | | | | | | | Commit 1c3c5e2156d9096f60bd53a96b88c2f1001d898a which factored the sid-based variant out of create_token_from_username() broke the case of a user handled by winbindd in that the "found_username" was set to NULL which caused the function to fail with NT_STATUS_NO_MEMORY further down. This patch fixes the function so that the case of found_username == NULL is cleanly separated from the NO_MEMORY case and the caller can provide the username in this case, if required. This fixes bug #9457. Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Dec 10 18:18:54 CET 2012 on sn-devel-104
* s3:auth: fix header comment for user_sid_in_group_sid()Michael Adam2012-12-101-2/+2
| | | | | | | | This function was created in 1c3c5e2156d9096f60bd53a96b88c2f1001d898a and the header comment contained copy'n'paste errors from the original function user_in_group_sid() that took the user name. Signed-off-by: Michael Adam <obnox@samba.org>
* s4:dsdb/tests/sec_descriptor: verify the search of a windows dc join keeps ↵Stefan Metzmacher2012-12-101-0/+7
| | | | | | | | | | | | working This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Dec 10 15:41:12 CET 2012 on sn-devel-104
* s4:dsdb/tests/sec_descriptor: verify the nTSecurityDescriptor and sd_flags ↵Stefan Metzmacher2012-12-101-0/+116
| | | | | | | | | interaction This is a regression test for bug #9470. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/operational: fix stripping of the nTSecurityDescriptor attributeStefan Metzmacher2012-12-101-2/+12
| | | | | | | | | | | If the sd_flags control is specified, we should return nTSecurityDescriptor only if the client asked for all attributes. If there's a list of only explicit attribute names, we should ignore the sd_flags control. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags ↵Stefan Metzmacher2012-12-101-2/+9
| | | | | | | | | control is given (bug #9470) Not returning the nTSecurityDescriptor causes a lot of problems. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl_read: give some variables a better nameStefan Metzmacher2012-12-101-10/+13
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl_read: fix the calculation of the attribute array for the sub searchStefan Metzmacher2012-12-101-14/+19
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl_read: check the ldb_attr_list_copy_add() resultStefan Metzmacher2012-12-101-0/+12
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/dirsync: fix potential talloc hierachy problems (bug #9470)Stefan Metzmacher2012-12-101-3/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s4-torture: call the s4u2self tests with arcfour and aes.Günther Deschner2012-12-091-12/+47
| | | | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Dec 9 21:24:44 CET 2012 on sn-devel-104
* s4-torture: precalculate expected session keys from samlogon in schannel test.Günther Deschner2012-12-091-7/+111
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().Günther Deschner2012-12-091-0/+14
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli/auth: remove trailing whitespace.Günther Deschner2012-12-091-38/+38
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: remove crypto from serverinfo_to_SamInfoX calls.Günther Deschner2012-12-095-34/+30
| | | | | | | | | All crypto is dealt with within the netlogon samlogon server now. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: Remove obsolete process_creds boolean in samlogon server.Günther Deschner2012-12-091-24/+3
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-auth: session keys in validation level 6 samlogon replies are *not* ↵Günther Deschner2012-12-091-8/+0
| | | | | | | | | encrypted. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: support AES for interactive netlogon samlogon password ↵Günther Deschner2012-12-093-37/+36
| | | | | | | | | | | decryption. Still need to fix AES support for the returned validation info. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-rpc_server: support AES encryption in interactive and generic samlogon.Günther Deschner2012-12-091-5/+23
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: we need to encrypt OWFs using DES in _netr_ServerGetTrustInfo().Günther Deschner2012-12-091-2/+2
| | | | | | | | | Sumit, please check. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: validate owf password hash and negotiate AES in forest trust test.Günther Deschner2012-12-091-1/+12
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: validate owf password hash and negotiate AES ServerGetTrustInfo ↵Günther Deschner2012-12-091-4/+33
| | | | | | | | | test. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: pass down netlogon cred state in _netr_ServerGetTrustInfo().Günther Deschner2012-12-091-9/+5
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: use netlogon_creds_arcfour_crypt() in samba3rpc test.Günther Deschner2012-12-091-6/+3
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: exit early when join fails in samba3rpc tests.Günther Deschner2012-12-091-2/+4
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: support AES encryption in interactive samlogon tests in rpc.samr.Günther Deschner2012-12-091-2/+5
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: support AES encryption in pac_verify/generic samlogon netlogon ↵Günther Deschner2012-12-091-19/+68
| | | | | | | | | tests. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: use names for r.in.logon_level of netlogon samlogon requests.Günther Deschner2012-12-096-10/+10
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: remove trailing whitespace in smbtorture remote_pac test.Günther Deschner2012-12-091-41/+41
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_client: use netlogon_creds_aes_encrypt in interactive netlogon samlogon.Günther Deschner2012-12-091-1/+4
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner2012-12-091-1/+6
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: add AES support for netr_ServerPasswordSet2 tests.Günther Deschner2012-12-091-6/+29
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: pass down netlogon flags in netr_ServerPasswordSet2 tests.Günther Deschner2012-12-091-4/+12
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: remove trailing whitespace from netlogon test.Günther Deschner2012-12-091-105/+105
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_server: support AES decryption in netr_ServerPasswordSet2 server.Günther Deschner2012-12-091-1/+6
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_client: support AES encryption in netr_ServerPasswordSet2 client.Günther Deschner2012-12-091-2/+6
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3-rpc_client: use netlogon_creds_arcfour_crypt() in init_netr_CryptPassword.Günther Deschner2012-12-093-5/+5
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli/auth: add netlogon_creds_aes_{en|de}crypt routines.Günther Deschner2012-12-092-0/+30
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* wafsamba: replace try:except: case with explicit comment about FIPS modeAlexander Bokovoy2012-12-081-8/+7
| | | | | | | | | | | Since exceptions will be caught be outer try:except: pair anyway, mark the test of MD5 code by the comment that explains why we need to really test it. Do it for both hashlib.md5 and md5 modules. Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Sat Dec 8 18:41:07 CET 2012 on sn-devel-104
generated by cgit (git 2.34.1) at 2025-09-26 11:35:09 +0000