summaryrefslogtreecommitdiffstats
path: root/source4/torture/rpc/remote_pac.c
Commit message (Collapse)AuthorAgeFilesLines
* auth/gensec: remove tevent_context argument from gensec_update()Stefan Metzmacher2014-03-271-6/+6
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4-torture: call the s4u2self tests with arcfour and aes.Günther Deschner2012-12-091-12/+47
| | | | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Dec 9 21:24:44 CET 2012 on sn-devel-104
* s4-torture: support AES encryption in pac_verify/generic samlogon netlogon ↵Günther Deschner2012-12-091-19/+68
| | | | | | | | | tests. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: use names for r.in.logon_level of netlogon samlogon requests.Günther Deschner2012-12-091-1/+1
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: remove trailing whitespace in smbtorture remote_pac test.Günther Deschner2012-12-091-41/+41
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-torture: Add start of a test to confirm winbindd PAC parsingAndrew Bartlett2012-08-291-1/+1
| | | | | | | So far this confirms that we can accept a ticket using the secrets.tdb entry. Andrew Bartlett
* Introduce system MIT krb5 build with --with-system-mitkrb5 option.Alexander Bokovoy2012-05-231-0/+5
| | | | | | | | | | | | | | | | | System MIT krb5 build also enabled by specifying --without-ad-dc When --with-system-mitkrb5 (or --withou-ad-dc) option is passed to top level configure in WAF build we are trying to detect and use system-wide MIT krb5 libraries. As result, Samba 4 DC functionality will be disabled due to the fact that it is currently impossible to implement embedded KDC server with MIT krb5. Thus, --with-system-mitkrb5/--without-ad-dc build will only produce * Samba 4 client libraries and their Python bindings * Samba 3 server (smbd, nmbd, winbindd from source3/) * Samba 3 client libraries In addition, Samba 4 DC server-specific tests will not be compiled into smbtorture. This in particular affects spoolss_win, spoolss_notify, and remote_pac rpc tests.
* auth: provide private pointer and do not return original PAC signaturesAndrew Bartlett2012-01-291-34/+40
| | | | | | | | | | | There is no need to return the PAC signatures via the special-purpose torture element. Instead, use a private pointer on the auth_context in conjunction with the private PAC processing method. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Jan 29 23:52:50 CET 2012 on sn-devel-104
* s4-torture: For authenticated users, add AUTHENTICATED USERS sidAmitay Isaacs2012-01-251-0/+4
| | | | | Autobuild-User: Amitay Isaacs <amitay@samba.org> Autobuild-Date: Wed Jan 25 01:36:02 CET 2012 on sn-devel-104
* s4-toture: Rename memory contexts in rpc.pac for greater clarityAndrew Bartlett2011-12-291-13/+13
| | | | | | | | | | | This should better follow the mem_ctx/tmp_ctx pattern used elsewhere in Samba. Thankyou Simo for the suggestion. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Dec 29 14:14:06 CET 2011 on sn-devel-104
* s4-torture: Demonstrate handling of the PAC in a custom auth_contextAndrew Bartlett2011-12-291-3/+80
| | | | | | | This demonstrates how a different function pointer can be supplied to handle the PAC blob, without depending on the provisioned samdb etc. Andrew Bartlett
* gensec: move event context from gensec_*_init() to gensec_update()Andrew Bartlett2011-10-181-12/+12
| | | | | | | | | | | | This avoids keeping the event context around on a the gensec_security context structure long term. In the Samba3 server, the event context we either supply is a NULL pointer as no server-side modules currently use the event context. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
* gensec: clarify memory ownership for gensec_session_info() and ↵Andrew Bartlett2011-08-031-3/+3
| | | | | | | | | | | | | | | gensec_session_key() This is slightly less efficient, because we no longer keep a cache on the gensec structures, but much clearer in terms of memory ownership. Both gensec_session_info() and gensec_session_key() now take a mem_ctx and put the result only on that context. Some duplication of memory in the callers (who were rightly uncertain about who was the rightful owner of the returned memory) has been removed to compensate for the internal copy. Andrew Bartlett
* auth: Split out make_user_info_SamBaseInfo and add authenticated argumentAndrew Bartlett2011-07-201-0/+1
| | | | | | | | | This will allow the source3 auth code to call this without needing to double-parse the SIDs Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s4:auth/credentials: pass 'self_service' to ↵Stefan Metzmacher2011-05-181-3/+4
| | | | | | | | | | | | cli_credentials_set_impersonate_principal() This also adds a cli_credentials_get_self_service() helper function. In order to support S4U2Proxy we need to be able to set the service principal for the S4U2Self step independent of the target principal. metze
* s4-auth Rework auth subsystem to remove struct auth_serversupplied_infoAndrew Bartlett2011-02-091-36/+40
| | | | | | | | | | | | | This changes auth_serversupplied_info into the IDL-defined struct auth_user_info_dc. This then in turn contains a struct auth_user_info, which is the only part of the structure that is mainted into the struct session_info. The idea here is to avoid keeping the incomplete results of the authentication (such as session keys, lists of SID memberships etc) in a namespace where it may be confused for the finalised results. Andrew Barltett
* s4-auth Remove special case for account_sid from auth_serversupplied_infoAndrew Bartlett2011-01-201-12/+8
| | | | | | | | | | | | This makes everything reference a server_info->sids list, which is now a struct dom_sid *, not a struct dom_sid **. This is in keeping with the other sid lists in the security_token etc. In the process, I also tidy up the talloc tree (move more structures under their logical parents) and check for some possible overflows in situations with a pathological number of sids. Andrew Bartlett
* s4-torture Remove unused temp dirs from the RPC-PAC test.Andrew Bartlett2011-01-181-9/+0
| | | | | | | The code previously required the creation of a messaging context, but this isn't done any more, so we don't need the tmp dir to put it in. Andrew Bartlett
* s4-smbtorture: Make test names lowercase and dot-separated.Jelmer Vernooij2010-12-111-1/+1
| | | | | | | | This is consistent with the test names used by selftest, should make the names less confusing and easier to integrate with other tools. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Dec 11 04:16:13 CET 2010 on sn-devel-104
* s4-torture Add tests for DES-only accounts PAC behaviour/validation.Andrew Bartlett2010-11-021-3/+42
| | | | | | | | Previously we didn't support DES-only in a Samba4 domain. This is important for some legacy systems that have not yet migrated from this weak crypto. Andrew Bartlett
* libcli/security Use common security.hAndrew Bartlett2010-10-121-1/+1
| | | | | | | | | | This includes dom_sid.h and security_token.h and will be moved to the top level shortly. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 03:35:36 UTC 2010 on sn-devel-104
* s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell2010-07-161-6/+6
| | | | | | | this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture/rpc/remote_pac: use dcerpc_netr_LogonSamLogon_r() instead of ↵Stefan Metzmacher2010-06-171-1/+2
| | | | | | dcerpc_netr_LogonSamLogon() metze
* s4:torture Add tests to demonstrate S2U4Self in the RPC-PAC testAndrew Bartlett2010-05-201-8/+306
| | | | | | | | We also compare against SamLogon to try and validate the whole thing. Note that we must represent NULL as "" when comparing between the PAC and SamLogon, due to different marshalling of the structures. Andrew Bartlett
* Finish removal of iconv_convenience in public API's.Jelmer Vernooij2010-05-181-3/+3
|
* s4:torture/rpc: rename rpc.h => torture_rpc.hStefan Metzmacher2010-04-141-1/+1
| | | | | | | | | | | The reason for this is that some systems include <rpc/rpc.h> from within system headers. HP-UX 11.00 does so somewhere deep inside of <shadow.h>. For torture/winbind/struct_based.c <rpc/rpc.h> resolves to torture/rpc/rpc.h and breaks the build. metze
* s4:torture/rpc/remote_pac.c: add explicit check for NTSTATUS r.out.resultGünther Deschner2010-03-291-10/+15
| | | | | Guenther Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s4:torture/rpc/remote_pac.c: make use of dcerpc_binding_handle stubsStefan Metzmacher2010-03-171-5/+6
| | | | metze
* s4-torture: ran minimal_includes.pl over source4/tortureAndrew Tridgell2009-10-201-6/+0
| | | | This reduces compile time somewhat.
* s4-smbtorture: add torture_suite_add_machine_workstation_rpc_iface_tcase.Günther Deschner2009-06-291-1/+1
| | | | | | | Unlike torture_suite_add_machine_bdc_rpc_iface_tcase() which joins as a BDC (ACB_SRVTRUST) this joins as a member workstation (ACB_WSTRUST). Guenther
* Rework Samba4 to use the new common libcli/auth codeAndrew Bartlett2009-04-141-13/+14
| | | | | | | In particular, this is the rename from creds_ to netlogon_creds_, as well as other links to use the new common crypto. Andrew Bartlett
* Remove useless invocation of messaging_init() in RPC-PAC testAndrew Bartlett2009-02-131-9/+0
|
* Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett2009-02-131-1/+1
| | | | | | | | | | | When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
* Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij2008-11-021-2/+5
| | | | should in the future only contain some settings required for gensec.
* s4-netlogon: merge netr_LogonSamLogon{Ex,WithFlags} from s3 idl.Günther Deschner2008-10-291-8/+26
| | | | Guenther
* RPC-PAC: loop in gensec_update() untill the server side is readyStefan Metzmacher2008-09-231-5/+1
| | | | metze
* Remove unused variableAndrew Bartlett2008-09-221-2/+0
|
* This torture test and skipping of the server-side check was bogus.Andrew Bartlett2008-09-221-49/+0
| | | | | | | The IDL is declared to force the MessageType to 3 on output, so we instead checked the same thing 255 times... Andrew Bartlett
* Test a few more error cases in RPC-PACAndrew Bartlett2008-09-031-2/+179
| | | | (This used to be commit 50502b3b8faf89cf5ad396102f4fe80eaa213908)
* It turns out that the Netlogon PAC verification is encrypted.Andrew Bartlett2008-08-291-1/+3
| | | | | | | | This test now passes against Win2k3, and a implementation in the Samba4 server should follow shortly. Andrew Bartlett (This used to be commit c6b8ba893dd3ed90bca32c0ae89fd33be729c238)
* Further rework the RPC-PAC test.Andrew Bartlett2008-08-281-34/+15
| | | | | | | | This would seem to match the documentation requirements for the PAC verfication over NETLOGON, but I can't get Win2k3 to accept it so far. Andrew Bartlett (This used to be commit acfa87f3411a61bdd9066fbbba2bcfbe2a60cbbe)
* Add a test to explore Netlogon PAC validationAndrew Bartlett2008-08-271-0/+220
However, I have still not figured out this protocol yet, and the docs are rather unclear... :-( Andrew Bartlett (This used to be commit d878643071a1477435a267e2944461d367cdfa79)
generated by cgit (git 2.34.1) at 2025-09-02 14:15:50 +0000