summaryrefslogtreecommitdiffstats
path: root/source4
Commit message (Collapse)AuthorAgeFilesLines
* r13508: some ASN.1 element in LDAP are optional,Stefan Metzmacher2007-10-106-66/+137
| | | | | | | make it possible to code the difference between a zero length and a NULL DATA_BLOB... metze (This used to be commit 54f0b19c55df8ad3882f31a114e2ea0e4cf940ae)
* r13507: the 'data' element of LDAP controls is optional.Stefan Metzmacher2007-10-104-0/+12
| | | | | | | (prepare the next commit) metze (This used to be commit a1bbf7f2982185cb6cd544b65b4709ab33a850c5)
* r13506: zero memory as some ASN.1 elements are optional, and we should ↵Stefan Metzmacher2007-10-101-1/+1
| | | | | | | | | | | initialize them for the internal use... found by 'make valgrindtest' metze (This used to be commit 1db9501c5261a974c6da1938537c7991ff6cfefd)
* r13505: allow servers to bind to non-broadcast interfaces. Servers nowAndrew Tridgell2007-10-104-23/+28
| | | | | | specifically ask for iface_n_bcast() and have to check if it returns NULL, in which case it is a non-broadcast interface (This used to be commit d004e250b6710251ea089ac242775481f13b5c2b)
* r13504: add back in a comment noting fred as the contributor of the addressAndrew Tridgell2007-10-101-0/+3
| | | | | | calculation code. This was originally done in 1997, and has been morphed a lot since then, but fred should still get credit (This used to be commit 172e41596fb3b4d2768d6885aea43295cc2f81c1)
* r13481: As far as I can tell, my changes in -r 12863 were dangerously untested.Andrew Bartlett2007-10-105-9/+74
| | | | | | | | | | | We do need the gsskrb5_get_initiator_subkey() routine. But we should ensure that we do always get a valid key, to prevent any segfaults. Without this code, we get a different session key compared with Win2k3, and so kerberised smb signing fails. Andrew Bartlett (This used to be commit cfd0df16b74b0432670b33c7bf26316b741b1bde)
* r13480: Explain a little about how these credentials structures should be used.Andrew Bartlett2007-10-101-1/+16
| | | | | Andrew Bartlett (This used to be commit b90959f7968ebbfc82ac55d4775d5574b1fc6925)
* r13479: Return the joined domain SID and user SID as structures, not strings.Andrew Bartlett2007-10-102-11/+11
| | | | | Andrew Bartlett (This used to be commit e1de45bce47292eef1f9c56ea5576c0436e6151d)
* r13472: After Volker's advise, try every combination of parameters. ThisAndrew Bartlett2007-10-102-19/+26
| | | | | | | | | | | isn't every parameter on NTLMSSP, but it is most of the important ones. This showed up that we had the '128bit && LM_KEY' case messed up. This isn't supported, so we must look instead at the 56 bit flag. Andrew Bartlett (This used to be commit 990da31b5f63f1e707651af8bf1a3241a8309811)
* r13471: With more 'try all options' testing, I found this 'simple' but in theAndrew Bartlett2007-10-101-1/+1
| | | | | | | NTLM2 signing code. Andrew Bartlett (This used to be commit 16e5c968756c40b8595503da47a1adb9cb09c447)
* r13470: Thanks to a report from VL:Andrew Bartlett2007-10-104-25/+39
| | | | | | | | | | | | | | | We were causing mayhem by weakening the keys at the wrong point in time. I think this is the correct place to do it. The session key for SMB signing, and the 'smb session key' (used for encrypting password sets) is never weakened. The session key used for bulk data encryption/signing is weakened. This also makes more sense, when we look at the NTLM2 code. Andrew Bartlett (This used to be commit 3fd32a12094ff2b6df52f5ab2af7c0ffceb5a4a0)
* r13467: Add new parametric options (for testing) controlling LM_KEY and 56-bitAndrew Bartlett2007-10-101-5/+13
| | | | | | | encryption behaviour. Andrew Bartlett (This used to be commit 2b3b2f33a4c531f2b0f65521cc352e6d762e95bd)
* r13466: Make it easier to understand what this function actually does.Andrew Bartlett2007-10-101-5/+5
| | | | | Andrew Bartlett (This used to be commit f075497926f3b8131bf8427ee3a3d5c9e5ee77d7)
* r13405: Allow a fallback if SPNEGO is somehow disabled in the client, to ↵Andrew Bartlett2007-10-101-1/+7
| | | | | | | just NTLMSSP. Andrew Bartlett (This used to be commit 3e96975d910496db87e8e34e310f0f6d283210bf)
* r13404: Comments, whitespace.Andrew Bartlett2007-10-101-3/+4
| | | | | Andrew Bartlett (This used to be commit 04e2fe8b6d293092af86a54215c1fa037bbb20e9)
* r13403: Try to better handle a case where SPNEGO isn't available (allow us toAndrew Bartlett2007-10-103-25/+34
| | | | | | | emulate the behaviour of XP standalone if required). Andrew Bartlett (This used to be commit 7f821097fbdbc9f35d96e05f85cf008f36c0eea3)
* r13402: Make Samba4 pass a nastier RPC-SCHANNEL test.Andrew Bartlett2007-10-105-136/+235
| | | | | | | | | | | | | | The new RPC-SCHANNEL test shows that the full credentials state must be kept in some shared memory, for some length of time. In particular, clients will reconnect with SCHANNEL (after loosing all connections) and expect that the credentials chain will remain in the same place. To achive this, we do the server-side crypto in a transaction, including the fetch/store of the shared state. Andrew Bartlett (This used to be commit 982a6aa871c9fce17410a9712cd9fa726025ff90)
* r13401: remove the rename of the snprintf functions that simo accidentiallyAndrew Tridgell2007-10-101-4/+2
| | | | | included in his last commit (This used to be commit 487b374b4359b2cb5f4e249e595c43bfa568a853)
* r13400: Only return NULL from talloc_asprintf if vsnprintf returns anJames Peach2007-10-101-1/+1
| | | | | error (ie. zero is not an error). (This used to be commit 1ab4674196b9df0b2b7b6eb4991358cc2f86c0d9)
* r13397: Propagate the error return from vsnprintf to trap the case whereJames Peach2007-10-101-2/+12
| | | | | we aren't linked against a C99 vsnprintf. (This used to be commit 23782f899aaa5fe488d86d5e67e91be99ff7a146)
* r13388: Report a more helpful error with malformed file options ofJames Peach2007-10-101-0/+5
| | | | | the form //server/share (ie. remote path missing). (This used to be commit 443677f58d4ba8d6aa2963ca5848d3e717ee2cac)
* r13387: Make sure smbcli_parse_unc reports a failure for strings ofJames Peach2007-10-101-10/+25
| | | | | the form //server. Make sure failure cases are well-defined. (This used to be commit e0020df66bf38873eaaacb95cadac55e17f432be)
* r13381: Test the SamLogonEx SamLogon call in the schannel test. This is onlyAndrew Bartlett2007-10-101-0/+117
| | | | | | | available under schannel, and performs a netlogon authentication. Andrew Bartlett (This used to be commit 561a690915f9d3ca2fbb76f16c47cf2f6be1b825)
* r13380: Drop the socket, then try SAMR operations secured with netlogon on ↵Andrew Bartlett2007-10-102-3/+32
| | | | | | | | | | the new socket. We should also test netlogon operations, but there are issues with what state is expected to be stored (far more than we currently do). Andrew Bartlett (This used to be commit 39ddba0d0dc4475f9f7c5b7aa19ffff42c9fd1f5)
* r13374: new revision of the snprintf replace codeSimo Sorce2007-10-101-226/+672
| | | | | | | still missing a configure test to make us substitute our snprintf to system one when the system one does not have positional parameters support (This used to be commit 398f989d6580587eb1fa4fec0b1ed858b5cbe8e1)
* r13373: Implement the -p option for smbtorture.James Peach2007-10-101-2/+7
| | | | (This used to be commit fc17a50b48189c60af60b9163695b48c6b87c5c7)
* r13372: fixes ... still no joySimo Sorce2007-10-101-0/+8
| | | | (This used to be commit 0e2cca9153619d646b90f32620905ab66b017c6a)
* r13370: Added deltest21 - pull the rug out from a connection by socketJeremy Allison2007-10-101-81/+90
| | | | | | close after setting delete on close flag. Jeremy. (This used to be commit fbea18e78f8a3c6dbb36aa935b7044c0fcf61da4)
* r13369: let's have a way to show the samba4 version through ejsSimo Sorce2007-10-103-1/+14
| | | | | and use it in provisioning to fullfill rfc 3045 requirements (This used to be commit 3fb9571a76481560304a826fc945983d52123299)
* r13362: Rename variables for better consistency.James Peach2007-10-103-66/+72
| | | | (This used to be commit dc20bb0ddc0824fc458e7fc4a9bce5059f4fc0d5)
* r13361: initial implementation of the vlv controlSimo Sorce2007-10-103-4/+361
| | | | | seem still buggy, can't make w2k3 to like it yet (This used to be commit e1318383e91f6f6db39e3e3c9946fbb089753947)
* r13360: Fix crash bug when 0 results are returned on the internal base searchSimo Sorce2007-10-101-1/+11
| | | | (This used to be commit fbee725ae87efbcf5887c923d55d7cb0d05476a6)
* r13359: make sure we don't look at s[-1]Stefan Metzmacher2007-10-101-1/+1
| | | | | metze (This used to be commit 24c6e2f73175befa33f9758634e3ee183916e387)
* r13358: removed some unused functions and make some local functions staticAndrew Tridgell2007-10-101-57/+3
| | | | (This used to be commit a73b76a36a70703738945d42795da6cf90c85105)
* r13357: more docsSimo Sorce2007-10-102-0/+674
| | | | (This used to be commit 5af9086deafc88aa1f9256cc0090592ecbd62203)
* r13355: check controls are correctly exportedSimo Sorce2007-10-101-0/+7
| | | | (This used to be commit 07fa55db32dcb93bfb4406baca0cfba31d3bc189)
* r13354: Add tests to check that controls work properlySimo Sorce2007-10-103-7/+56
| | | | | | Fix asq module, add a second_stage_init to register with rootdse Fix asq control ldap parsing routines (this was nasty to find out) (This used to be commit 933a80397d137f7d5b79c82a068d62bb6928ef47)
* r13353: Fix a crash bug in rootdse when we do not pass in credentialsSimo Sorce2007-10-102-9/+7
| | | | | | | | | | a plain ldbsearch would just crash Fix kludge_acl, not passing on the second stage registration phase to other modules Simo (This used to be commit bec99c5cb65d8c32fd4f636ed2f5383fb1b39830)
* r13352: Integrate Patch to support the ManageDSAIT controlSimo Sorce2007-10-101-0/+20
| | | | | from Pete Rowley <prowley@redhat.com> (This used to be commit bf20a848fda1607ca1b0d84791c299c0035793a1)
* r13349: In the end I could not use ldb_caseless_cmpSimo Sorce2007-10-105-39/+3
| | | | | | | | | in attrib_handler.c functions remove it again Simo (This used to be commit 513ff499071e6cb5e608a82430718021f72997bd)
* r13348: Put a reminder for now.Simo Sorce2007-10-101-0/+2
| | | | | | | Until we do not have an internal utf8 compliant casefloding function we cannot pass this test in the non-samba build (This used to be commit 5d93c1eeba8f64784294f3aabcaefa4aaf798355)
* r13347: - Now we compare values with an optimized utf8Simo Sorce2007-10-102-9/+50
| | | | | | | | | | | | | | | safe function if the user provides an utf8 compliant casefold function to ldb. - Fix toupper_m and tolower_m to not crash if the case tables are not found - Let load_case_table() search into the correct directory in the search tree for the case tables so that we can test utf8 Simo (This used to be commit e12f070958eb3c144beb81c5cb878db122249021)
* r13346: use private proto header files for the torture testsStefan Metzmacher2007-10-1024-1/+66
| | | | | metze (This used to be commit 67837dbd2bcff8ec1917ba02884ee2eaa0776b46)
* r13345: let us replicate with NT4sp6aStefan Metzmacher2007-10-102-0/+35
| | | | | | | | | | I don't yet know what the extra data in the start_association call mean... This also let w2k use WREPL_REPL_INFORM messages to us, but w2k3 doesn't it do it yet... metze (This used to be commit 02d6dfa1da754857c28125392a561cfde0087c48)
* r13344: Trust SASL to have subtle distinctions between NULL and zero-lengthAndrew Bartlett2007-10-102-13/+41
| | | | | | | | | | | | | responses... Also trust OpenLDAP to be pedantic about it, breaking connections to AD. In any case, we now get this 'right' (by nasty overloading hacks, but hey), and we can now use system-supplied OpenLDAP libs and SASL/GSSAPI to talk to Samba4. Andrew Bartlett (This used to be commit 0cbe18211a95f811b51865bc0e8729e9a302ad25)
* r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading ↵Andrew Bartlett2007-10-103-86/+442
| | | | | | | | | | | | | | | | | | the spec. GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating a buffer size and what integrity protection/privacy should be used. I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3. I'm doing this in the hope that Apple clients as well as SASL-based LDAP tools may get a bit further. I still can't get ldapsearch to work, it fails with the ever-helpful 'Local error'. Andrew Bartlett (This used to be commit 3e462897754b30306c1983af2d137329dd937ad6)
* r13341: Trivial.Andrew Bartlett2007-10-101-1/+1
| | | | (This used to be commit b986278b367a6693f69a06e07ca90f8b5a23a0c0)
* r13340: The gensec_init() needs to be after the popt processing, as itAndrew Bartlett2007-10-101-2/+3
| | | | | | | disables modules based on parametric options. Andrew Bartlett (This used to be commit db32a81f3ea661e2308cccca8d6a251a3d57337e)
* r13339: Propogate more error infomation into the error packet and reformat theAndrew Bartlett2007-10-101-38/+49
| | | | | | | | code a little. This also fixes a segfault when we didn't fill in the error message. Andrew Bartlett (This used to be commit 3be01a4ac7efe8d161910e8339bfe42584c0db86)
* r13336: Doh! We actually never optimized for the ascii case.Simo Sorce2007-10-101-3/+3
| | | | | In the 3.0 branches it is fixed this but we missed it for samba4 (This used to be commit baccb3c9147e161a6d2cbe371a60bf2ddcc0585c)