summaryrefslogtreecommitdiff
path: root/source3/libads/kerberos.c
AgeCommit message (Collapse)AuthorFilesLines
2002-09-27Move a number of ADS related functions out into utility libs, so that thingsAndrew Bartlett1-1/+8
like metze's sam_ads can also use them. Also add error checking etc to a few more functions. Andrew Bartlett (This used to be commit c864edf4fbf8a6c37888a14b861d7c12cf503d4f)
2002-09-17Add clock skew handling to our kerberos code. This allows us to cope withAndrew Tridgell1-2/+6
the DC being out of sync with the local machine. (This used to be commit 0d28d769472ea3b98ae4c8757093dfd4499f6dd1)
2002-08-05This fixes a number of ADS problems, particularly with netbioslessAndrew Tridgell1-10/+2
setups. - split up the ads structure into logical pieces. This makes it much easier to keep things like the authentication realm and the server realm separate (they can be different). - allow ads callers to specify that no sasl bind should be performed (used by "net ads info" for example) - fix an error with handing ADS_ERROR_SYSTEM() when errno is 0 - completely rewrote the code for finding the LDAP server. Now try DNS methods first, and try all DNS servers returned from the SRV DNS query, sorted by closeness to our interfaces (using the same sort code as we use in replies from WINS servers). This allows us to cope with ADS DCs that are down, and ensures we don't pick one that is on the other side of the country unless absolutely necessary. - recognise dnsRecords as binary when displaying them - cope with the realm not being configured in smb.conf (work it out from the LDAP server) - look at the trustDirection when looking up trusted domains and don't include trusts that trust our domains but we don't trust theirs. - use LDAP to query the alternate (netbios) name for a realm, and make sure that both and long and short forms of the name are accepted by winbindd. Use the short form by default for listing users/groups. - rescan the list of trusted domains every 5 minutes in case new trust relationships are added while winbindd is running - include transient trust relationships (ie. C trusts B, B trusts A, so C trusts A) in winbindd. - don't do a gratuituous node status lookup when finding an ADS DC (we don't need it and it could fail) - remove unused sid_to_distinguished_name function - make sure we find the allternate name of our primary domain when operating with a netbiosless ADS DC (using LDAP to do the lookup) - fixed the rpc trusted domain enumeration to support up to approx 2000 trusted domains (the old limit was 3) - use the IP for the remote_machine (%m) macro when the client doesn't supply us with a name via a netbios session request (eg. port 445) - if the client uses SPNEGO then use the machine name from the SPNEGO auth packet for remote_machine (%m) macro - add new 'net ads workgroup' command to find the netbios workgroup name for a realm (This used to be commit e358d7b24c86a46d8c361b9e32a25d4f71a6dc00)
2002-06-25Break up samba's object dependencies, and its prototype includes.Andrew Bartlett1-123/+0
Now smbclient, net, and swat use their own proto files - now the global proto.h The change to libads/kerberos.c was to break up the dependency on secrets.c - we want to be able to write an ADS client that doesn't need local secrets. I have other breakups in the works - I will remove the dependency of rpc_parse on passdb (and therefore secrets.c) shortly. (NOTE: This patch does *not* break up includes.h, or other such forbidden actions). Andrew Bartlett (This used to be commit edb41dad2df0ae3db364dbc3896cc75956262edf)
2002-04-15by using a prompter function we can avoid the bug in the MIT kerberosAndrew Tridgell1-7/+25
libraries with handling blank passwords. (This used to be commit 59d755ffb57c322a104ff8f52819956cafff1bac)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2001-12-20net ads password and net ads chostpass commands from Remus KoosAndrew Tridgell1-8/+5
(This used to be commit 412e79c448bf02e3097b5c14a36fe0172d8d2895)
2001-12-13better error handlingAndrew Tridgell1-2/+7
(This used to be commit ed6279481bfcb21212e9c22009969c19ea4f1646)
2001-12-11allow overriding the local time in kerberos_kinit_password()Andrew Tridgell1-2/+8
(This used to be commit cb9dbcef7cba9eb42f7b30b81c35142dc945d84f)
2001-12-10moved ccache location change into winbindd codeAndrew Tridgell1-8/+0
(This used to be commit be254eb13c4bf316823ed43db3ef9407f45ca23b)
2001-12-09fixed used of string after freeAndrew Tridgell1-1/+1
(This used to be commit f7ead035ebe55e94cdd5807b173bd4612866b06f)
2001-12-08added internal sasl/gssapi code. This means we are no longer dependent on ↵Andrew Tridgell1-7/+17
cyrus-sasl which makes the code much less fragile. Also added code to auto-determine the server name or realm (This used to be commit 435fdf276a79c2a517adcd7726933aeef3fa924b)
2001-12-06put the winbindd krb5 credentials cache in the lock directoryAndrew Tridgell1-0/+4
this prevents it clobbering the users cache (This used to be commit 3de552f365373de85298dbe911143e036805f9ea)
2001-12-06added a propoer kerberos_kinit_password callAndrew Tridgell1-11/+65
contribution from remus@snapserver.com thanks! (This used to be commit 3ace8f1fcc27492d26f5ad0c3cdfc63235ca0609)
2001-12-05added a REALLY gross hack into kerberos_kinit_password so thatAndrew Tridgell1-0/+21
winbindd can do a kinit this will be removed once we have code that gets a tgt and puts it in a place where cyrus-sasl can see it (This used to be commit 7d94f1b7365215a020d3678d03d820a7d086174f)
2001-11-29Make better use of the ads_init() function to get the kerberos relam etc.Andrew Bartlett1-2/+3
This allows us to use automagically obtained values in future, and the value from krb5.conf now. Also fix mem leaks etc. Andrew Bartlett (This used to be commit 8f9ce717819235d98a1463f20ac659cb4b4ebbd2)
2001-11-24added "net join" commandAndrew Tridgell1-0/+149
this completes the first stage of the smbd ADS support (This used to be commit 058a5aee901e6609969ef7e1d482a720a84a4a12)