summaryrefslogtreecommitdiff
path: root/source4/auth/kerberos
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15511: Using this name causes less warnings on the IBM checker, due to usingAndrew Bartlett1-3/+5
the original, rather than equivilant, enum type. Andrew Bartlett (This used to be commit 3d43e458a828801a294e56a1aeb74a4d7cbf9f23)
2007-10-10r15501: Allow interactive password prompting on kerberos as well.Andrew Bartlett1-0/+7
Andrew Bartlett (This used to be commit 7003c3e8dee2d2bfc391875d90eb747616cb361a)
2007-10-10r15384: Improve naming of socket library, disable Requires(.private)? fields ↵Jelmer Vernooij1-1/+1
in pkg-config files for now as they break external projects. (This used to be commit f919fd6655f00361691e676d260bd40e0b8ddcc7)
2007-10-10r15379: Fix shared library build's unresolved dependenciesJelmer Vernooij1-1/+1
(This used to be commit 0fafa2e59566f8f892d7dfd7dd33d0100b96a780)
2007-10-10r15373: Rename SOCKET to LIBSAMBA-SOCKET to prevent name clashes with ↵Jelmer Vernooij1-1/+1
-lsocket on SUN boxes. (This used to be commit c95ad11307dc89384c10bd5919817bf12d9c1ed9)
2007-10-10r15366: Use type name rather then typedef directly - fixes build on tccJelmer Vernooij1-1/+1
(This used to be commit 76c5f377204ad158b03641258a4645a9d487fee8)
2007-10-10r15356: Remove unused 'flags' argument from socket_send() and friends.Andrew Bartlett1-4/+4
This is in preperation for making TLS a socket library. Andrew Bartlett (This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
2007-10-10r15313: Fix some dependencies in dso modeJelmer Vernooij1-1/+1
(This used to be commit f0afe9e2ff16515df1b3226b479b19ea3e9c3d0c)
2007-10-10r15298: Fix the build using a few hacks in the build system.Jelmer Vernooij1-0/+1
Recursive dependencies are now forbidden (the build system will bail out if there are any). I've split up auth_sam.c into auth_sam.c and sam.c. Andrew, please rename sam.c / move its contents to whatever/wherever you think suits best. (This used to be commit 6646384aaf3e7fa2aa798c3e564b94b0617ec4d0)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij2-2/+3
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r15274: Drop default EXT_LIB_ prefix for external libraries. Fixes issues ↵Jelmer Vernooij1-2/+2
with local (empty) libpopt.a overriding global one (This used to be commit 2f06305e53478e5030c24550954f221a9a97c83f)
2007-10-10r15258: Another attempt at fixing getaddrinfo on IRIXJelmer Vernooij1-0/+1
(This used to be commit 13d0cec018185d768b762ff3afc0224f307b8112)
2007-10-10r15256: Use libroken's getaddrinfo if it is not provided by the system. ShouldJelmer Vernooij2-1/+2
get the build on IRIX a bit further. (This used to be commit 47d1baf0cf719dbb1113a79bba50d4075eb06411)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-1/+1
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-0/+3
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14363: Remove credentials.h from the global includes.Jelmer Vernooij1-1/+1
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
2007-10-10r14306: fixed two break errorsAndrew Tridgell1-2/+2
(This used to be commit 03da4fbcdd66982de8eb376f9f00da97d730c97f)
2007-10-10r14202: Oops. When removing a header, we need to replace it.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit d1ca106f05ad71b8aa514bf87a4267d61d9dcbf8)
2007-10-10r14201: I don't think including roken is going to be a good solution. Let'sAndrew Bartlett1-2/+0
try and find the real solution. Andrew Bartlett (This used to be commit a512d5dd258797cdb41018923502cb4998f1edfe)
2007-10-10r14180: The PAC isn't so special that it deserves a level 0 debug any more.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 2ab71ed51868da123131d8bdaa7c30ab61ae280f)
2007-10-10r13926: More header splitups.Jelmer Vernooij2-0/+3
(This used to be commit 930daa9f416ecba1d75b8ad46bb42e336545672f)
2007-10-10r13844: Remove _PUBLIC_ for now as the proto script seems to make false ↵Jelmer Vernooij1-1/+1
assumptions about the data type being known. (This used to be commit 991bec80e4f20c9fac9ab5c45b0fdf6d048cda66)
2007-10-10r13842: Make some more functions public.Jelmer Vernooij1-1/+1
(This used to be commit aac1b99b362993352d80692afa55c38fc851c016)
2007-10-10r13481: As far as I can tell, my changes in -r 12863 were dangerously untested.Andrew Bartlett1-0/+4
We do need the gsskrb5_get_initiator_subkey() routine. But we should ensure that we do always get a valid key, to prevent any segfaults. Without this code, we get a different session key compared with Win2k3, and so kerberised smb signing fails. Andrew Bartlett (This used to be commit cfd0df16b74b0432670b33c7bf26316b741b1bde)
2007-10-10r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in ourAndrew Bartlett2-1/+5
case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
2007-10-10r12899: - fix warnings on AIXStefan Metzmacher1-1/+2
- fix compilation of auth/kerberos/krb5_init_context.c on AIX metze (This used to be commit 0e1ad08a8515056f4ed0923889bef04d85b84964)
2007-10-10r12863: As lha suggested to me a while back, it appears that theAndrew Bartlett1-4/+0
gsskrb5_get_initiator_subkey() routine is bougs. We can indeed use gss_krb5_get_subkey(). This is fortunate, as there was a segfault bug in 'initiator' version. Andrew Bartlett (This used to be commit ec11870ca1f9231dd3eeae792fc3268b31477e11)
2007-10-10r12808: Actually, with that we can avoid roken compleatly.Andrew Bartlett1-1/+0
Andrew Bartlett (This used to be commit 37f342b01095787d4a63a419c6ab3657680c2637)
2007-10-10r12807: I'm wondering if this might fix AIX on the build farm...Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit 8f70d6270a788494dd07430f778ee90a51551e66)
2007-10-10r12804: This patch reworks the Samba4 sockets layer to use a socket_addressAndrew Bartlett2-26/+7
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2007-10-10r12694: Move some headers to the directory of the subsystem they belong to.Jelmer Vernooij1-1/+1
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
2007-10-10r12670: Make a couple of dependencies stricterJelmer Vernooij1-1/+1
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force specific modules to always be included (This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
2007-10-10r12594: Jelmer pushed some proposed header reductions to the list today. ThisAndrew Bartlett6-22/+2
commits some of these that I know to be correct in the kerberos area. Andrew Bartlett (This used to be commit 6787b3737c27f5136152b007b0ee2ae314efac3c)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij1-8/+7
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r12422: Some kerberos comments and clarifications.Andrew Bartlett2-11/+22
Andrew Bartlett (This used to be commit 31046cd22b45de6c62c9f122a81cfc898e818308)
2007-10-10r12411: Add 'net samdump keytab <keytab>'.Andrew Bartlett1-22/+36
This extracts a remote windows domain into a keytab, suitable for use in ethereal for kerberos decryption. For the moment, like net samdump and net samsync, the 'password server' smb.conf option must be set to the binding string for the server. eg: password server = ncacn_np:mypdc Andrew Bartlett (This used to be commit 272013438f53bb168f74e09eb70fc96112b84772)
2007-10-10r12064: pass back the socket level error correctly (so we getAndrew Tridgell1-7/+2
NT_STATUS_CONNECTION_REFUSED when a KDC is not listening) (This used to be commit 0f85fc204c6018f8403c2e8f75f683aed38ba83b)
2007-10-10r12063: fixed the krb5 client code to handle ICMP port unreachable errors, andAndrew Tridgell1-17/+21
error out immediatelly. This prevents a long timeout (This used to be commit f6c0fccc06060582ef870a0ac590dabeec2f2e6a)
2007-10-10r12059: Use random keytab names (so we get different keytabs, rather thanAndrew Bartlett1-1/+15
share the MEMORY: keytab). Andrew Bartlett (This used to be commit 6c43de27086d3c463891598eb55a44877194cb0d)
2007-10-10r12056: Some clarification fixes for the keytab code, and use the rightAndrew Bartlett1-14/+15
function for enctype to string. Andrew Bartlett (This used to be commit ae6c968cb27f451e5f8cea62be7f33b4b4716f82)
2007-10-10r11994: This function no longer needs a special declaration.Andrew Bartlett1-4/+0
Andrew Bartlett (This used to be commit 88a7b7805c11cb3a1be3222d3e4b0b3ad8aff2aa)
2007-10-10r11993: As well as making an in-MEMORY keytab, allow a file-based keytab to ↵Andrew Bartlett1-98/+321
be updated. This allows a new password to be written in, and old entries removed (we keep kvno and kvno-1). Clean up the code a lot, and add comments on what it is doing... Andrew Bartlett (This used to be commit 0a911baabad60a43741269d29a96fdd74e54331a)
2007-10-10r11940: Love has clarified why this code does what it does.Andrew Bartlett1-8/+0
Andrew Bartlett (This used to be commit 9b3dedbc0bb12897a8f9bd4ec864de26b3835981)
2007-10-10r11928: More Kerberos musings...Andrew Bartlett1-20/+64
Andrew Bartlett (This used to be commit 571f9c9c51b93946d23f2b35ef76ac881994b8cc)
2007-10-10r11601: try to fix the build on IRIX 6.5 us4Stefan Metzmacher1-0/+3
abartlet, tridge, lha: is there a better way? metze (This used to be commit b2b4969bdcdd85b1093d91184ff10eff9f74e550)
2007-10-10r11543: A major upgrade to our KDC and PAC handling.Andrew Bartlett2-8/+30
We now put the PAC in the AS-REP, so that the client has it in the TGT. We then validate it (and re-sign it) on a TGS-REQ, ie when the client wants a ticket. This should also allow us to interop with windows KDCs. If we get an invalid PAC at the TGS stage, we just drop it. I'm slowly trying to move the application logic out of hdb-ldb.c, and back in with the rest of Samba's auth system, for consistancy. This continues that trend. Andrew Bartlett (This used to be commit 36973b1eef7db5983cce76ba241e54d5f925c69c)
2007-10-10r11538: More notes on things we need.Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit 890ad0412b9ee285fa25e8bab785a960a201057e)
2007-10-10r11452: Update Heimdal to current lorikeet, including removing the ccache sideAndrew Bartlett1-0/+10
of the gsskrb5_acquire_cred hack. Add support for delegated credentials into the auth and credentials subsystem, and specifically into gensec_gssapi. Add the CIFS NTVFS handler as a consumer of delegated credentials, when no user/domain/password is specified. Andrew Bartlett (This used to be commit 55b89899adb692d90e63873ccdf80b9f94a6b448)
2007-10-10r11400: fix compiler warningsStefan Metzmacher1-5/+5
metze (This used to be commit a29a107d95b67248ccd6036084829b080c892e40)
2007-10-10r11350: Add some debugs to assist tracking down kerberos issues in future.Andrew Bartlett1-2/+26
(Make it easy to see what was put into the keytab, so we can tell when gssapi screams that it can't pull it out). Andrew Bartlett (This used to be commit c56142c4ac7541fc30bdf4c77e34f5a50d80da76)