1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

126 Commits

Author SHA1 Message Date
Andrew Bartlett
81dcc99e9a It turns out that the Netlogon PAC verification is encrypted.
This test now passes against Win2k3, and a implementation in the
Samba4 server should follow shortly.

Andrew Bartlett
(This used to be commit c6b8ba893d)
2008-08-29 15:06:30 +10:00
Andrew Bartlett
960bd9df1f Add a test to explore Netlogon PAC validation
However, I have still not figured out this protocol yet, and the docs
are rather unclear... :-(

Andrew Bartlett
(This used to be commit d878643071)
2008-08-27 21:36:27 +10:00
Andrew Bartlett
b5a3f45f64 Add GenericInfo level for SamLogon calls from the WSPP IDL.
Andrew Bartlett
(This used to be commit ea58b650a8)
2008-08-12 17:46:01 +10:00
Andrew Bartlett
d626a26374 Rename structures to better match the names in the WSPP IDL.
The 'comment' element in a number of domain structures is called
oem_information.  This was picked up actually because with OpenLDAP
doing the schema checking, it noticed that 'comment' was not a valid
attribute.

The rename tries to keep this consistant in both the LDB mappings and
IDL, so we don't make the same mistake in future.

This has no real schema impact, as this value isn't actually used for
anything, as 'comment' was not used in the provision.

Andrew Bartlett
(This used to be commit 65dc0d5365)
2008-07-21 13:42:07 +10:00
Jelmer Vernooij
4fcd6cfb75 Add [todo] for functions that are obviously incomplete.
(This used to be commit b7b46ddd41)
2008-04-08 03:15:55 +02:00
Jelmer Vernooij
afe3e8172d Install public header files again and include required prototypes.
(This used to be commit 47ffbbf674)
2008-04-02 04:53:27 +02:00
Stefan Metzmacher
7406c9b903 netlogon.idl: don't use pointer_default_top() and specify "unique" explizit
Note: this doesn't change the generated output!

metze
(This used to be commit e4b12aa9a4)
2008-02-04 18:37:08 +01:00
Günther Deschner
2f60bf32e1 Add IDL for netr_DsrDeregisterDNSHostRecords (just for completion).
Guenther
(This used to be commit 722b4dfdc4)
2008-01-25 22:39:42 +01:00
Günther Deschner
593c211a5f Add IDL for netr_LogonGetTrustRid.
Guenther
(This used to be commit d0893014ab)
2008-01-24 23:56:37 +01:00
Stefan Metzmacher
39fcf7ccdf netlogon.idl: add some MSV1_0_ values from samba3 and use a bitmap32
metze
(This used to be commit 7222edb9cd)
2008-01-24 13:52:47 +01:00
Stefan Metzmacher
a1c7b35bba netlogon.idl: make use of bitmap samr_GroupAttrs
metze
(This used to be commit 6d68161e67)
2008-01-24 10:24:41 +01:00
Stefan Metzmacher
d408be05d6 netlogon.idl: remove unused netr_GroupsMembership structure
We have samr_RidWithAttribute and use that in all cases.

metze
(This used to be commit 3c5bae2249)
2008-01-24 10:22:45 +01:00
Jelmer Vernooij
236a780baa idl: Use typedef rather than declare.
(This used to be commit 3fd750bd54)
2008-01-12 01:18:53 +01:00
Günther Deschner
db225eeef1 r26558: Add IDL for netr_GetForestTrustInformation().
Guenther
(This used to be commit 7aa34b4879)
2007-12-24 01:51:00 -06:00
Günther Deschner
b466534a0d r26286: IDL and torture test for netr_ServerTrustPasswordsGet().
Guenther
(This used to be commit 231fe8826b)
2007-12-21 05:48:09 +01:00
Günther Deschner
96b46e9907 r26285: Add IDL and torture test for netr_ServerPasswordGet().
Guenther
(This used to be commit d64244cfe8)
2007-12-21 05:48:08 +01:00
Günther Deschner
785928dcec r26273: Add IDL and torture test for netr_NetrEnumerateTurstedDomains() and
netr_NetrEnumerateTurstedDomainsEx().

Guenther
(This used to be commit 32a189e850)
2007-12-21 05:47:56 +01:00
Günther Deschner
b79e33826f r25951: Add missing DS_SERVER_NDNC bit to netr_DsR_DcFlags.
Guenther
(This used to be commit 1b49119c73)
2007-12-21 05:45:15 +01:00
Günther Deschner
8f22cf4c26 r25894: Add IDL for netr_DsRAddressToSitenamesW and netr_DsRAddressToSitenamesExW.
Guenther
(This used to be commit ee797e18c7)
2007-12-21 05:44:43 +01:00
Günther Deschner
e4710c9dcf r23384: Fill in NETLOGON netr_DsRGetForestTrustInformation().
Guenther
(This used to be commit 82477b311e)
2007-10-10 14:53:14 -05:00
Günther Deschner
eb9ae52981 r23381: Merge netr_GetDcName WERROR return and WERROR_DOMAIN_CONTROLLER_NOT_FOUND from
SAMBA_3_0.

Guenther
(This used to be commit 841ad140a3)
2007-10-10 14:53:13 -05:00
Günther Deschner
adf23c651b r23240: Fill in netr_DsrGetDcSiteCoverageW.
Guenther
(This used to be commit 9c2b964233)
2007-10-10 14:53:06 -05:00
Günther Deschner
d875b7d620 r23129: Merge from 3_0:
* netr_DsRGetDCName_flags, netr_DsRGetDCNameInfo_AddressType and netr_DsR_DcFlags
* the mask in netr_DsRGetDCNameEx2 turns out to be samr_AcctFlags

Guenther
(This used to be commit 9cdd6d9782)
2007-10-10 14:52:52 -05:00
Jelmer Vernooij
e586d112e2 r21403: Add netlogon tests.
(This used to be commit a620dc3594)
2007-10-10 14:48:26 -05:00
Stefan Metzmacher
71115bb3e6 r21301: - the history contains lm and nt history
- autoset the size values

metze
(This used to be commit 5e51845137)
2007-10-10 14:48:05 -05:00
Jelmer Vernooij
863dcbfa06 r19588: Use include and import statements rather than depends() and helper().
(This used to be commit 347ae96282)
2007-10-10 14:24:58 -05:00
Jelmer Vernooij
cd9057a0bb r18639: Get rid of the keepref support
(This used to be commit d1364ef0cd)
2007-10-10 14:18:59 -05:00
Andrew Tridgell
e7b9aeb883 r18599: the netr_CryptPassword structure needs to use a uint8, as the data is
passed to acrfour, and that assumes a byte buffer. This caused us to
fail big endian boxes (or more specifically, to be incompatible with
little endian boxes)
(This used to be commit a44f2eda1e)
2007-10-10 14:18:54 -05:00
Stefan Metzmacher
e48ed74f4a r17342: implement a SamLogon via IRPC in samba4's winbind
metze
(This used to be commit c3ce7a0c37)
2007-10-10 14:15:17 -05:00
Jelmer Vernooij
9727b061f3 r15776: Don't generate ref pointers in Samba4-generated code. There is no point
in having pointers for outgoing data when you can already modify the top-level
element.

This can be overridden (temporarily) by specifying the new "keepref"
attribute. Once we've removed keepref from all IDL files, I'll remove this
attribute as well.
(This used to be commit bdc6dd3750)
2007-10-10 14:08:18 -05:00
Jelmer Vernooij
d86da81304 r15653: Remove idl_types.h include where possible. Remove
types from .h file that are now in pidls' aliases list.
(This used to be commit fadb9529ec)
2007-10-10 14:08:03 -05:00
Günther Deschner
791d8fd5b6 r13637: Adding more netr_UserFlags.
Guenther
(This used to be commit 3ad84a844c)
2007-10-10 13:52:03 -05:00
Andrew Bartlett
9d1954c25d r13583: Realise that the member server name appears in all calls that use the
credentials.

Consistantly rename these elements in the IDL to computer_name.

Fix the server-side code to always lookup by this name.

Add new, even nastier tests to RPC-SCHANNEL to prove this.

Andrew Bartlett
(This used to be commit 341a0abeb4)
2007-10-10 13:51:58 -05:00
Andrew Tridgell
08377f458e r12084: added a comment on what is appropriate for parameter_control
(This used to be commit 040d798a88)
2007-10-10 13:47:06 -05:00
Andrew Bartlett
56b4e4b62c r11402: In response to comments by volker, expand our Netlogon DsRGetDCName
IDL and testsuites.  The server-side of this remains a stub, we should
probably be doing ldb searches for the server reference record.

Andrew Bartlett
(This used to be commit 0141ed309a)
2007-10-10 13:45:31 -05:00
Andrew Bartlett
56576de528 r11352: Add newly discovered (via the radiator lists) flags for controlling
plaintext and machine account logins.

Update tests to confirm this behaviour.

Andrew Bartlett
(This used to be commit a0ed41d379)
2007-10-10 13:45:22 -05:00
Jelmer Vernooij
98800eb41e r11100: Replace unistr with [string,charset(UTF16)]
(This used to be commit 48f45927ce)
2007-10-10 13:44:49 -05:00
Andrew Bartlett
2af19867d4 r8986: As far as I can tell, given the ldif I get from behind this, we have a
signed NTTIME here.

Andrew Bartlett
(This used to be commit 57b703a9d5)
2007-10-10 13:31:04 -05:00
Andrew Bartlett
b30f0b0391 r8855: Share this enum (describing the SamSync databases) between nbt and netlogon.
Andrew Bartlett
(This used to be commit 5e29e1c68c)
2007-10-10 13:30:12 -05:00
Stefan Metzmacher
59d17eee38 r8375: - move from netr_StringLarge to lsa_StringLarge
- we need to use lsa_StringLarge in lsa_DnsDomainInfo, to make windows clients happy

metze
(This used to be commit 044d18f85f)
2007-10-10 13:20:13 -05:00
Andrew Bartlett
e75c7ff39f r8252: Steal metze's thunder, and prove that with a few small tweaks, we can
now push/pull a sample PAC, and still have the same byte buffer.
(Metze set up the string code, and probably already has a similar
patch).

Unfortunetly win2k3 still doesn't like what we provide, but every step helps.

Also use data_blob_const() when we are just wrapping data for API
reasons.

Andrew Bartlett
(This used to be commit e7c8076fc1)
2007-10-10 13:19:25 -05:00
Stefan Metzmacher
0b92507760 r8232: remove samr_String and netr_String as they are the same as lsa_String
metze
(This used to be commit e601042c07)
2007-10-10 13:19:22 -05:00
Andrew Bartlett
9a7481bcfe r7993: Further work on the Krb5 PAC.
We now generate the PAC, and can verifiy both our own PAC and the PAC
from Win2k3.

This commit adds the PAC generation code, spits out the code to get
the information we need from the NETLOGON server back into a auth/
helper function, and adds a number of glue functions.

In the process of building the PAC generation code, some hints in the
Microsoft PAC specification shed light on other parts of the code, and
the updates to samr.idl and netlogon.idl come from those hints.

Also in this commit:

The Heimdal build package has been split up, so as to only link the
KDC with smbd, not the client utils.

To enable the PAC to be veified with gensec_krb5 (which isn't quite
dead yet), the keyblock has been passed back to the calling layer.

Andrew Bartlett
(This used to be commit e2015671c2)
2007-10-10 13:18:57 -05:00
Andrew Tridgell
f04545f5d2 r7872: another place we were relying on the old behaviour of value()
(This used to be commit 25a64f8946)
2007-10-10 13:18:46 -05:00
Andrew Tridgell
7fc49243f3 r7870: fixed the RPC-SCHANNEL test. It turned out it was my const changes, as
they slightly changed the semantics of value() in pidl, which broke
a optimisation hack in some of our IDL files.

I've changed the idl files to remove the hack for now. Sometime we
need to find a better way to handle these :-)
(This used to be commit 765f75ea63)
2007-10-10 13:18:45 -05:00
Jelmer Vernooij
c420c5a4c4 r7552: Use ParseExpr() for [value] attributes; allows
us somewhat cleaner IDL.
(This used to be commit b7b01bccd1)
2007-10-10 13:18:07 -05:00
Jelmer Vernooij
50d2bf0066 r7029: Make array support in pidl similar to that in other IDL compilers. We should
now able to use constructions like these:

[size_is(20)] int *x; -> Pointer to array of 20 ints
[size_is(20)] int x[]; -> Array of 20 ints
[size_is(20)] int *x[]; -> Array of 20 pointers to ints
[size_is(20,)] int *x[] -> Array of 20 pointers to ints
[size_is(,20)] int *x[]; -> Pointer to array of 20 ints
[size_is(,20)] int **x; -> Pointer to pointer to array of 20 ints
[size_is(20)] int x[][30]; -> 20 blocks of 30 ints
(This used to be commit ecf583da71)
2007-10-10 13:17:07 -05:00
Jelmer Vernooij
e427f58622 r6973: Merge new version of pidl into the main SAMBA_4_0 branch.
The main difference in this new version is the extra data structure generated
between the IDL data structure and the NDR parser:

IDL -> NDR -> { ndr_parser, ndr_header, eparser, etc }

This makes the ndr_parser.pm internals much more sane.

Other changes include:

- Remove unnecessary calls with NDR_BUFFERS (for example, GUID doesn't have any buffers, just scalars) as well as some (unnecessary) nested setting of flags.
- Parse array loops in the C code rather then calling ndr_pull_array(). This allows us to have, for example, arrays of pointers or arrays of pointers to arrays, etc..
- Use if() {} rather then if () goto foo; everywhere
- NDR_IN no longer implies LIBNDR_FLAG_REF_ALLOC
- By default, top level pointers are now "ref" (as is the default in
  most other IDL compilers). This can be overridden using the
  default_pointer_top() property.
- initial work on new ethereal parser generators by Alan DeKok and me
- pidl now writes errors in the standard format used by compilers, which
  is parsable by most editors
- ability to warn about the fact that pidl extension(s) have been used,
  useful for making sure IDL files work with other IDL compilers.

oh, and there's probably some other things I can't think of right now..
(This used to be commit 13cf227615)
2007-10-10 13:17:01 -05:00
Andrew Tridgell
398a3130f5 r6719: pidl need to be told that the external type netr_SchannelType is an enum, otherwise
it will assume its a struct
(This used to be commit 9a8f3e3c4c)
2007-10-10 13:16:37 -05:00
Andrew Bartlett
85e9412c47 r6565: Cludge, cludge, cludge...
We need to pass the 'secure channel type' to the NETLOGON layer, which
must match the account type.

(Yes, jelmer objects to this inclusion of the kitchen sink ;-)

Andrew Bartlett
(This used to be commit 8ee208a926)
2007-10-10 13:16:26 -05:00