summaryrefslogtreecommitdiff
path: root/source4/auth/kerberos/krb5_init_context.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-3/+3
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r22987: Clarify how the events are handled in the kerberos code, andAndrew Bartlett1-7/+17
standardise with the rest of the code. Andrew Bartlett (This used to be commit 3aa9d70723d4377d29e33281b640499193b06c69)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell1-2/+1
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r22967: Move to the TCP packet interface for the krb5_send_to_kdc plugin.Andrew Bartlett1-108/+95
This replaces a lump of hand-crafted code with the generic packet system used in the rest of Samba4. (I started this while chasing down the epoll bug, which turned out to be seperate) (This used to be commit 2a7dec4e5dc453f509493f80fc1270416f30a36e)
2007-10-10r22961: use EVENT_FD_AUTOCLOSE and SOCKET_FLAG_NOCLOSE to fix up some hairyAndrew Tridgell1-1/+4
problems with order of socket closing in krb5 (This used to be commit 46a7d83c2b49798c6c5389c13ec2b9785c47b85b)
2007-10-10r22635: make it possible to not turn off dns canonicalization of hostnamesStefan Metzmacher1-1/+2
with krb5:set_dns_canonicalize=yes needed for the drsuapi replication, but we should fix this with a kdc locator plugin ... metze (This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5)
2007-10-10r22602: s/HAVE_SOCKET_IPV6/HAVE_IPV6/ to match the define used by Heimdal.Jelmer Vernooij1-1/+1
(This used to be commit 5ff665b6531fdb4c7e56c49b7f923546d93b384c)
2007-10-10r20988: Call out to Heimdal's krb5.conf processing to configure many aspectsAndrew Bartlett1-1/+28
of KDC behaviour. This should allow PKINIT to be turned on and managed with reasonable sanity. This also means that the krb5.conf in the same directory as the smb.conf will always have priority in Samba4, which I think will be useful. Andrew Bartlett (This used to be commit a50bbde81b010bc5d06e3fc3417ade44627eb771)
2007-10-10r20639: Commit part 1 of 2.Andrew Bartlett1-2/+0
This patch updates our build system and glue to support a new snapshot of lorikeet-heimdal. We now procude a [SUBSYTEM] in the ans1_deps.pl script, and can depend on that in the heimdal_build/config.mk. This is much easier than listing every generated .o file individually. This required some small changes to the build system, due to the way the parent directory was handled for the output of scripts. I've also cleaned up et_deps.pl to handle cleaning up it's generated files on clean. The PAC glue in Heimdal has changed significantly: we no longer have a custom hack in the KDC, instead we have the windc plugin interface. As such, pac-glue.c is much smaller. In the future, when I'm confident of the new code, we will also be able to 'downsize' auth/kerberos/kerberos_pac.c. (I'll include the updated copy of heimdal in the next chekin, to make it clearer what's changed in Samba4 itself). Andrew Bartlett (This used to be commit 75fddbbc0811010a28ca5bb597b573b3f10ef6d6)
2007-10-10r19604: This is a massive commit, and I appologise in advance for it's size.Andrew Bartlett1-21/+11
This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised it's internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behavour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
2007-10-10r15988: try to fix the build on au2 IRIX 6.4Stefan Metzmacher1-1/+1
metze (This used to be commit 9e93e6f5fb654e4162bbc039306a4b79003e22d7)
2007-10-10r15876: Fix build on IPv6-less systems.Jelmer Vernooij1-0/+2
(This used to be commit 180925659fad50ff82693284587ae4e735458c6b)
2007-10-10r15853: started the process of removing the warnings now thatAndrew Tridgell1-6/+3
talloc_set_destructor() is type safe. The end result will be lots less use of void*, and less calls to talloc_get_type() (This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)
2007-10-10r15356: Remove unused 'flags' argument from socket_send() and friends.Andrew Bartlett1-4/+4
This is in preperation for making TLS a socket library. Andrew Bartlett (This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
2007-10-10r15258: Another attempt at fixing getaddrinfo on IRIXJelmer Vernooij1-0/+1
(This used to be commit 13d0cec018185d768b762ff3afc0224f307b8112)
2007-10-10r14306: fixed two break errorsAndrew Tridgell1-2/+2
(This used to be commit 03da4fbcdd66982de8eb376f9f00da97d730c97f)
2007-10-10r14202: Oops. When removing a header, we need to replace it.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit d1ca106f05ad71b8aa514bf87a4267d61d9dcbf8)
2007-10-10r14201: I don't think including roken is going to be a good solution. Let'sAndrew Bartlett1-2/+0
try and find the real solution. Andrew Bartlett (This used to be commit a512d5dd258797cdb41018923502cb4998f1edfe)
2007-10-10r13844: Remove _PUBLIC_ for now as the proto script seems to make false ↵Jelmer Vernooij1-1/+1
assumptions about the data type being known. (This used to be commit 991bec80e4f20c9fac9ab5c45b0fdf6d048cda66)
2007-10-10r13842: Make some more functions public.Jelmer Vernooij1-1/+1
(This used to be commit aac1b99b362993352d80692afa55c38fc851c016)
2007-10-10r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in ourAndrew Bartlett1-0/+2
case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
2007-10-10r12899: - fix warnings on AIXStefan Metzmacher1-1/+2
- fix compilation of auth/kerberos/krb5_init_context.c on AIX metze (This used to be commit 0e1ad08a8515056f4ed0923889bef04d85b84964)
2007-10-10r12808: Actually, with that we can avoid roken compleatly.Andrew Bartlett1-1/+0
Andrew Bartlett (This used to be commit 37f342b01095787d4a63a419c6ab3657680c2637)
2007-10-10r12807: I'm wondering if this might fix AIX on the build farm...Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 8f70d6270a788494dd07430f778ee90a51551e66)
2007-10-10r12804: This patch reworks the Samba4 sockets layer to use a socket_addressAndrew Bartlett1-25/+6
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2007-10-10r12594: Jelmer pushed some proposed header reductions to the list today. ThisAndrew Bartlett1-3/+0
commits some of these that I know to be correct in the kerberos area. Andrew Bartlett (This used to be commit 6787b3737c27f5136152b007b0ee2ae314efac3c)
2007-10-10r12064: pass back the socket level error correctly (so we getAndrew Tridgell1-7/+2
NT_STATUS_CONNECTION_REFUSED when a KDC is not listening) (This used to be commit 0f85fc204c6018f8403c2e8f75f683aed38ba83b)
2007-10-10r12063: fixed the krb5 client code to handle ICMP port unreachable errors, andAndrew Tridgell1-17/+21
error out immediatelly. This prevents a long timeout (This used to be commit f6c0fccc06060582ef870a0ac590dabeec2f2e6a)
2007-10-10r11601: try to fix the build on IRIX 6.5 us4Stefan Metzmacher1-0/+3
abartlet, tridge, lha: is there a better way? metze (This used to be commit b2b4969bdcdd85b1093d91184ff10eff9f74e550)
2007-10-10r10985: To aid in testing, this allows us to easily force kerberos to use ↵Andrew Bartlett1-5/+9
UDP or TCP. Andrew Bartlett (This used to be commit ae0b4028ff7033dab70687376c2090baa692cf58)
2007-10-10r10561: This patch takes over KDC socket routines in Heimdal, and directs themAndrew Bartlett1-2/+351
at the Samba4 socket layer. The intention here is to ensure that other events may be processed while heimdal is waiting on the KDC. The interface is designed to be sufficiently flexible, so that the plugin may choose how to time communication with the KDC (ie multiple outstanding requests, looking for a functional KDC). I've hacked the socket layer out of cldap.c to handle this very specific case of one udp packet and reply. Likewise I also handle TCP, stolen from the winbind code. This same plugin system might also be useful for a self-contained testing mode in Heimdal, in conjunction with libkdc. I would suggest using socket-wrapper instead however. Andrew Bartlett (This used to be commit 3b09f9e8f9f6f645cd03073ef833c8d0fb0d84e2)
2007-10-10r10372: Having gone to all the effort to uppercase the realm, actually set theAndrew Bartlett1-1/+1
upper-case realm. Andrew Bartlett (This used to be commit 3e38456dd5c40730f3203e89393dad2b97996d56)
2007-10-10r10337: This grubby little hack is the implementation of a concept discussedAndrew Bartlett1-0/+5
on the kerberos mailing lists a couple of weeks ago: Don't use DNS at all for expanding short names into long names. Using the 'override krb5_init_context' code already in the tree, this removes the DNS lag on a kerberos session setup/connection. Andrew Bartlett (This used to be commit de3ceab3d064a286e8662a2b9b62b212f0454156)
2007-10-10r10286: This patch is ugly and disgusting, but for now it works better than ↵Andrew Bartlett1-0/+126
the other ideas I have had. When I get a full list of things I want to do to a krb5_context I'll either add gsskrb5_ wrappers, or a way of speicfying the krb5 context per gssapi context. (I want to ensure that the only krb5_context variables created while executing Samba4 are via our wrapper). Andrew Bartlett (This used to be commit 8a22d46e70e9f863831aba0c9913d195f833d625)