IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
isn't every parameter on NTLMSSP, but it is most of the important
ones.
This showed up that we had the '128bit && LM_KEY' case messed up.
This isn't supported, so we must look instead at the 56 bit flag.
Andrew Bartlett
(This used to be commit 990da31b5f63f1e707651af8bf1a3241a8309811)
We were causing mayhem by weakening the keys at the wrong point in time.
I think this is the correct place to do it. The session key for SMB
signing, and the 'smb session key' (used for encrypting password sets)
is never weakened.
The session key used for bulk data encryption/signing is weakened.
This also makes more sense, when we look at the NTLM2 code.
Andrew Bartlett
(This used to be commit 3fd32a12094ff2b6df52f5ab2af7c0ffceb5a4a0)
The new RPC-SCHANNEL test shows that the full credentials state must
be kept in some shared memory, for some length of time. In
particular, clients will reconnect with SCHANNEL (after loosing all
connections) and expect that the credentials chain will remain in the
same place.
To achive this, we do the server-side crypto in a transaction,
including the fetch/store of the shared state.
Andrew Bartlett
(This used to be commit 982a6aa871c9fce17410a9712cd9fa726025ff90)
We should also test netlogon operations, but there are issues with
what state is expected to be stored (far more than we currently do).
Andrew Bartlett
(This used to be commit 39ddba0d0dc4475f9f7c5b7aa19ffff42c9fd1f5)
still missing a configure test to make us
substitute our snprintf to system one when
the system one does not have positional parameters support
(This used to be commit 398f989d6580587eb1fa4fec0b1ed858b5cbe8e1)
Fix asq module, add a second_stage_init to register with rootdse
Fix asq control ldap parsing routines (this was nasty to find out)
(This used to be commit 933a80397d137f7d5b79c82a068d62bb6928ef47)
a plain ldbsearch would just crash
Fix kludge_acl, not passing on the second stage registration
phase to other modules
Simo
(This used to be commit bec99c5cb65d8c32fd4f636ed2f5383fb1b39830)
Until we do not have an internal utf8 compliant
casefloding function we cannot pass this test
in the non-samba build
(This used to be commit 5d93c1eeba8f64784294f3aabcaefa4aaf798355)
safe function if the user provides an utf8
compliant casefold function to ldb.
- Fix toupper_m and tolower_m to not crash if
the case tables are not found
- Let load_case_table() search into the correct
directory in the search tree for the case
tables so that we can test utf8
Simo
(This used to be commit e12f070958eb3c144beb81c5cb878db122249021)
I don't yet know what the extra data in the start_association call mean...
This also let w2k use WREPL_REPL_INFORM messages to us, but w2k3 doesn't
it do it yet...
metze
(This used to be commit 02d6dfa1da754857c28125392a561cfde0087c48)
responses...
Also trust OpenLDAP to be pedantic about it, breaking connections to AD.
In any case, we now get this 'right' (by nasty overloading hacks, but
hey), and we can now use system-supplied OpenLDAP libs and SASL/GSSAPI
to talk to Samba4.
Andrew Bartlett
(This used to be commit 0cbe18211a95f811b51865bc0e8729e9a302ad25)
GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating
a buffer size and what integrity protection/privacy should be used.
I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3.
I'm doing this in the hope that Apple clients as well as SASL-based
LDAP tools may get a bit further.
I still can't get ldapsearch to work, it fails with the ever-helpful
'Local error'.
Andrew Bartlett
(This used to be commit 3e462897754b30306c1983af2d137329dd937ad6)
code a little. This also fixes a segfault when we didn't fill in the
error message.
Andrew Bartlett
(This used to be commit 3be01a4ac7efe8d161910e8339bfe42584c0db86)
to correctly support utf8 comparisons
add an ldb_attr_Casefold function for attribute names and use it
instead of casefold in the right places
(This used to be commit 3b4eb2413bbce059dde69f35c03cdc3cc2ba85c5)
was used just in one places and by mistake, as there we should have
been using ldb_attr_cmp()
Remove ldb_caseless_cmp() ... going on with the cleanup and utf8 compliance
effort.
Simo.
(This used to be commit afda68d7bf655a9145648856d29e6e64b9f21aa3)
Also add a way to provide utf8 compliant functions
by registering them with ldb_set_utf8_fns()
Next comes code to register samba internal utf8 functions.
Simo.
(This used to be commit ac9b8a41ffca8e06c5e849d544d3203a665b8e0d)
was pointed out by Maurice Massar. It ensures we get the addresses
for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over
localhost).
Also never run the KDC unless we are a DC.
Andrew Bartlett
(This used to be commit c17007918459678004a009ccaa50fb85e8b6a739)
