IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
- added a torture test for interactive login in smbtorture
These changes allow winxp to perform an interactive login (a login on
the winxp console) against a Samba4 DC. Our netlogon server code is
still filling in many of the fields incorrectly, but it fills in
enough that winxp can login.
(This used to be commit db9ea488b047b5f0f7538fd75fb7dde8277eb06b)
structure (andrew, this is the type of structure consolidation I think
you were asking about. It's possible here in NDR as it isn't in the
top level fn code)
- added validation level 6 in sam logon
With these changes I can successfully authentication smbclient to a
winxp server, with the winxp server using a Samba4 ADS DC for account
auth
(This used to be commit 705205083a6e2430c420f44436a1d1ff8826bc73)
This has found some signing errors in the Samba3.0 implementation
of the deferred open code. Still working on these...
Jeremy
(This used to be commit 0068cb12ef91515a95f17a1be7dfbc83fbb89eba)
Changes:
- Check for a valid 'pipe_state' in netr_ServerAuthenticate3 before
we dereference it
- removes the expansionroom[7] in the netr_SamInfo* structs to 7
individual elements.
- renames netr_SamInfo -> netr_SamInfo2
netr_SamInfo2 -> netr_SamInfo3
- Having the thing we always called an 'info3' being 'netr_SamInfo2'
was just too confusing.
- Expand and fill in extra details about users from the SAM, into
the server_info, for processing into the SamLogon reply.
- Add a dum_sid_dup() function to duplicate a struct dom_sid
The SamLogon code currently does not return supplementary groups, and is
only tested with Samba4 smbtorture.
Andrew Bartlett
(This used to be commit 6c92563b7961f15fc74b02601e105d5e1d04f04d)
This starts to store information about the user in the server_info
struct - like the account name, the full name etc.
Also, continue to make the names of the structure elements in the
logon reply more consistant with those in the SAMR pipe.
Andrew Bartlett
(This used to be commit 3ccd96bd945e0fd95e42c69ad8ff07055af2e62b)
multiple torture tests to temporarily join a domain
- fixed a session key size problem
- added a schannel test suite
- allow schannel to work with ncacn_ip_tcp
(This used to be commit 36f05e4d575099fcb957b8a55781c38dcd2e1177)
pwd -> password
passwd -> password
username -> account_name
Also work on consistant structure feild names between these two pipes,
and fix up some callers to use samr_Password for the netlogon
credential code.
Andrew Bartlett
(This used to be commit 4e35418c2776f7b79be5b358ffd077754685d1ac)
This includes the netlogon pipe, for the machine account password
change system.
Andrew Bartlett
(This used to be commit 49d545a82057ee8b60d50aa55e908efe59875150)
names rather than our crazy naming scheme. So DES is now called
des_crypt() rather than smbhash()
- added the code from the solution of the ADS crypto challenge that
allows Samba to correctly handle a 128 bit session key in all of the
netr_ServerAuthenticateX() varients. A huge thanks to Luke Howard
from PADL for solving this one!
- restructured the server side rpc authentication to allow for other
than NTLMSSP sign and seal. This commit just adds the structure, the
next commit will add schannel server side support.
- added 128 bit session key support to our client side code, and
testing against w2k3 with smbtorture. Works well.
(This used to be commit 729b2f41c924a0b435d44a14209e6dacc2304cee)
indicate this although I could not find any consistent pattern.
I found this as 'net rpc group list local' in Samba3 sets this to 250 and only
gets a fixed, but incomplete list of groups out of W2k3.
I tried to correlate the results I got from w2k3 with the LDAP contents of the
corresponding entries, but I could not find anything. Ethereal only decodes
the lower byte, but to get all it seems necessary to have 0xffff here.
If you have time, could you might want to spend some of it decoding the bits
for SAMR completeness....
Volker
(This used to be commit 74e59c45603a9f897a24e37fc7626cf8ffc81403)
WinXP sees us as an ADS server.
Unfortunately WinXP also uses a set of negotiate_flags that we don't
support yet. Some crypto work needed.
(This used to be commit 2d740b65706fb5b4ebc138587472a885d680517f)
- moved some sec desc defines into misc.idl
- fixed pw_len field in UserInfo26
- made some pipes available on TCP
- added netr_DsrEnumerateDomainTrusts() to netlogon
- added templates for remaining netlogon IDL calls (from ethereal)
- added a unistr_noterm vs unistr error detector in ndr basic decoder
- added torture test for netr_DsrEnumerateDomainTrusts()
(This used to be commit ae5a5113fb83640dcb9ae4642c1b9eaf28487956)
- added lsa_OpenPolicy2() to server
- added guid handling in samdb
- added a couple more info policy levels in lsa server
- added some DNS info in the provisioning template and script
With the above changes WinXP professional can join a Samba4 domain
(This used to be commit d6dca96352144d6061175c964069ed54d942b9c2)
- added start of QueryDomainInfo in samr server
"net rpc info" from samba3 now works against a samba4 server. I
suspect join will work fairly soon.
(This used to be commit 0a2c6a1062d0e364356853001f5f39bdb542f453)
- fix the build because of the missing torture/ntlmssp.c
- this file should go into torture/auth/ !
metze
(This used to be commit ad662fddcd1082d040b7c06ce809e0b4c441c1df)
Samba's NTLMSSP code is now fully talloc based, which should go a long
way to cleaning up the memory leaks in this code. This also avoids a
lot of extra copies of data, as we now allocate the 'return' blobs on
a caller-supplied context.
I have also been doing a lot of work towards NTLM2 signing and
sealing. I have this working for sealing, but not for the verifier
(MD5 integrity check on the stream) which is still incorrect.
(I can aim a rpcecho sinkdata from a Win2k3 box to my server, and the
data arrives intact, but the signature check fails. It does however
match the test values I have...).
The new torture test is cludged in - when we get a unit test suite
back, I'll happliy put it in the 'right' place....
Andrew Bartlett
(This used to be commit 399e2e2b1149b8d1c070aa7f0d5131c0b577d2b9)
structures. This was suggested by metze recently.
I checked on the build farm and all the machines we have support 64
bit ints, and support the LL suffix for 64 bit constants. I suspect
some won't support strtoll() and related functions, so we will
probably need replacements for those.
(This used to be commit 9a9244a1c66654c12abe4379661cba83a73c4c21)
- Remove legacy sid_to_string (which contained a memleak)
- Remove some unused parts of lib/util_sid.c
Andrew Bartlett
(This used to be commit 7c69a85984e47c004ddfd9bb5eadcb3191b56f9d)
This involves allowing the password set code in samdb to take an
already hashed password, and some fixes to our torture code.
Andrew Bartlett
(This used to be commit f9f581b5804a20785df06cde157b23c952edc2ce)
Currently this only authentiates the machine, not real users.
As a consequence of running the Samba4 NETLOGON test against Samba4, I
found a number of issues in the SAMR server, which I have addressed.
There are more templates in the provison.ldif for this reason.
I also added some debug to our credentials code, and fixed some bugs
in the auth_sam module.
The static buffer in generate_random_string() bit me badly, so I
removed it in favor of a talloc based system.
Andrew Bartlett
(This used to be commit 94624e519b66def97758b8a48a01ffe9029176f0)
