summaryrefslogtreecommitdiff
path: root/source4/auth/kerberos
AgeCommit message (Collapse)AuthorFilesLines
2008-03-28Merge v4.0-testJelmer Vernooij1-4/+4
(This used to be commit 977dbdeaf363c8905ed9fd0570eba4be80582833)
2008-03-17Don't require users of credentials.h to have krb5.h and gssapi.hAndrew Bartlett1-4/+4
Rather than require users of Samba4's headers to have krb5-devel installed (presumably in their system paths), don't expose the minor functions which require this by default. Andrew Bartlett (This used to be commit f14737e4d2040d2f401a3b20c5e78d0d793cfc3a)
2008-03-03Move object file lists to the Makefile.Jelmer Vernooij1-6/+9
(This used to be commit a7e6d2a1832db388fdafa1279f84c9a8bbfc87d6)
2008-02-21Avoid use of global_loadparm.Jelmer Vernooij2-3/+12
(This used to be commit c5a95bbe0ce55c29e135a9c6058bf192ec3bb546)
2008-01-15util: Move asn1 to lib/util to trim down the number of subsystems.Jelmer Vernooij1-1/+1
(This used to be commit 44e1cfd2d0ef62e4ee541cec00581a7151d951b3)
2008-01-01r26640: Janitorial: Remove some more uses of global_loadparm.Jelmer Vernooij1-2/+3
(This used to be commit c863f4ebde8efa1a695b4469142d6719e30bc419)
2008-01-01r26639: librpc: Pass iconv convenience on from RPC connection to NDR ↵Jelmer Vernooij1-5/+9
library, so it can be overridden by OpenChange. (This used to be commit 2f29f80e07adef1f020173f2cd6d947d0ef505ce)
2008-01-01r26638: libndr: Require explicitly specifying iconv_convenience for ↵Jelmer Vernooij1-5/+17
ndr_struct_push_blob(). (This used to be commit 61ad78ac98937ef7a9aa32075a91a1c95b7606b3)
2007-12-21r26474: Move credentials-specific kerberos file to credentials subsystem. ↵Jelmer Vernooij1-2/+1
Fixes missing symbols in some of the python bindings. (This used to be commit e26d0fff6d40899113196ac35a86a9baa10cc9c2)
2007-12-21r26460: Enable ldb python tests.Jelmer Vernooij1-1/+1
(This used to be commit 25e982453142eb7d2f68c0751d641581b46fbb49)
2007-12-21r26449: Support configuration without a known configuration dir.Jelmer Vernooij1-1/+1
(This used to be commit d3643c2152a490952e59ee15b7a62ad3ad465462)
2007-12-21r26397: Fix circular dependency in samba-socket.Jelmer Vernooij1-1/+1
(This used to be commit 801c8c766cb6a104751be8829593e0e123508134)
2007-12-21r26376: Add context for libcli_resolve.Jelmer Vernooij1-1/+2
(This used to be commit 459e1466a411d6f83b7372e248566e6e71c745fc)
2007-12-21r26357: Add separate subsystem for auth_sam_reply parsing.Jelmer Vernooij2-2/+2
(This used to be commit 2d61e7c96e249d7031b709e9f727626a78e435f1)
2007-12-21r26356: Remove prototype for nonexisting function.Jelmer Vernooij1-9/+0
(This used to be commit 2c93f8ec816afb766a0365290231d83ed11ac237)
2007-12-21r26335: Specify name_resolve_order to socket code.Jelmer Vernooij1-1/+2
(This used to be commit b03e5d00110be3f1fe5809dad4eb6ca5cea7463d)
2007-12-21r26233: Pass loadparm context when creating krb5 contexts.Jelmer Vernooij3-5/+9
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
2007-12-21r25920: ndr: change NTSTAUS into enum ndr_err_code (samba4 callers)Stefan Metzmacher1-37/+55
lib/messaging/ lib/registry/ lib/ldb-samba/ librpc/rpc/ auth/auth_winbind.c auth/gensec/ auth/kerberos/ dsdb/repl/ dsdb/samdb/ dsdb/schema/ torture/ cluster/ctdb/ kdc/ ntvfs/ipc/ torture/rap/ ntvfs/ utils/getntacl.c ntptr/ smb_server/ libcli/wrepl/ wrepl_server/ libcli/cldap/ libcli/dgram/ libcli/ldap/ libcli/raw/ libcli/nbt/ libnet/ winbind/ rpc_server/ metze (This used to be commit 6223c7fddc972687eb577e04fc1c8e0604c35435)
2007-10-10r25552: Convert to standard bool type.Jelmer Vernooij2-13/+13
(This used to be commit b8d6b82f1248d36a0aa91a1c58d06b4f7c66d245)
2007-10-10r25543: Merge libreplace support for inet_pton, inet_ntop, getaddrinfo, ↵Jelmer Vernooij1-1/+1
getnameinfo (and friends) from SAMBA_3_2, with some minor tweaks: - avoid including network headers in replace.h unless absolutely required - autoconf tests for getaddrinfo() in lib/replace The heimdal-specific code also no longer looks for these functions anymore. (This used to be commit b6d3fd84a5d7d814035e60d6fa22f19bed9f77da)
2007-10-10r25446: Merge some changes I made on the way home from SFO:Jelmer Vernooij1-1/+1
2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42)
2007-10-10r25430: Add the loadparm context to all parametric options.Jelmer Vernooij1-3/+3
(This used to be commit fd697d77c9fe67a00939a1f04b35c451316fff58)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-3/+3
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25035: Fix some more warnings, use service pointer rather than service ↵Jelmer Vernooij1-3/+3
number in more places. (This used to be commit df9cebcb97e20564359097148665bd519f31bc6f)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r24712: No longer expose the 'BOOL' data type in any interfaces.Jelmer Vernooij1-3/+3
(This used to be commit 1ce32673d960c8b05b6c1b1b99e1976a402417ae)
2007-10-10r23810: Make things static, and remove unsued code.Andrew Bartlett1-96/+0
This includes some of the original ildap ldap client API. ldb provides a much easier abstraction on this to use, and doesn't use these functions. Andrew Bartlett (This used to be commit dc27a7e41c297472675e8c251bb14327a1af3902)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell8-24/+16
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23036: error checking on asn1_init() failureAndrew Tridgell1-1/+12
(This used to be commit 26cf8494084c0106ef0e1c9b6ef40eeadf945ef2)
2007-10-10r23030: finally fixed up our asn1 code to use better memory allocation. ThisAndrew Tridgell1-31/+29
should allow us to fix some long standing memory leaks. (This used to be commit 3db49c2ec9968221c1361785b94061046ecd159d)
2007-10-10r22990: free temporary memory also on success...Stefan Metzmacher1-0/+1
metze (This used to be commit 876a6ef4857a73987d1eba127161993cf07a613b)
2007-10-10r22987: Clarify how the events are handled in the kerberos code, andAndrew Bartlett1-7/+17
standardise with the rest of the code. Andrew Bartlett (This used to be commit 3aa9d70723d4377d29e33281b640499193b06c69)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell2-3/+3
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r22967: Move to the TCP packet interface for the krb5_send_to_kdc plugin.Andrew Bartlett1-108/+95
This replaces a lump of hand-crafted code with the generic packet system used in the rest of Samba4. (I started this while chasing down the epoll bug, which turned out to be seperate) (This used to be commit 2a7dec4e5dc453f509493f80fc1270416f30a36e)
2007-10-10r22961: use EVENT_FD_AUTOCLOSE and SOCKET_FLAG_NOCLOSE to fix up some hairyAndrew Tridgell1-1/+4
problems with order of socket closing in krb5 (This used to be commit 46a7d83c2b49798c6c5389c13ec2b9785c47b85b)
2007-10-10r22635: make it possible to not turn off dns canonicalization of hostnamesStefan Metzmacher1-1/+2
with krb5:set_dns_canonicalize=yes needed for the drsuapi replication, but we should fix this with a kdc locator plugin ... metze (This used to be commit f0a12355bcfab47663e62f3d8ae820815210cdc5)
2007-10-10r22602: s/HAVE_SOCKET_IPV6/HAVE_IPV6/ to match the define used by Heimdal.Jelmer Vernooij1-1/+1
(This used to be commit 5ff665b6531fdb4c7e56c49b7f923546d93b384c)
2007-10-10r22558: Move to a static list of enctypes to put into our keytab. In future,Andrew Bartlett1-59/+40
I'll allow this to be configured from the secrets.ldb, but it should fix some user issues. Andrew Bartlett (This used to be commit 0fd74ada220fb07d4ebe8c2d9b8ae50a387c2695)
2007-10-10r21175: Fix the kerberos keytab update code to handle deletes.Andrew Bartlett1-3/+2
Fix the join code to know that the ldb layer handles the keytab update. Andrew Bartlett (This used to be commit d3fbc089f4161ae71b21077d50130fdabd8b2d77)
2007-10-10r20988: Call out to Heimdal's krb5.conf processing to configure many aspectsAndrew Bartlett1-1/+28
of KDC behaviour. This should allow PKINIT to be turned on and managed with reasonable sanity. This also means that the krb5.conf in the same directory as the smb.conf will always have priority in Samba4, which I think will be useful. Andrew Bartlett (This used to be commit a50bbde81b010bc5d06e3fc3417ade44627eb771)
2007-10-10r20639: Commit part 1 of 2.Andrew Bartlett1-2/+0
This patch updates our build system and glue to support a new snapshot of lorikeet-heimdal. We now procude a [SUBSYTEM] in the ans1_deps.pl script, and can depend on that in the heimdal_build/config.mk. This is much easier than listing every generated .o file individually. This required some small changes to the build system, due to the way the parent directory was handled for the output of scripts. I've also cleaned up et_deps.pl to handle cleaning up it's generated files on clean. The PAC glue in Heimdal has changed significantly: we no longer have a custom hack in the KDC, instead we have the windc plugin interface. As such, pac-glue.c is much smaller. In the future, when I'm confident of the new code, we will also be able to 'downsize' auth/kerberos/kerberos_pac.c. (I'll include the updated copy of heimdal in the next chekin, to make it clearer what's changed in Samba4 itself). Andrew Bartlett (This used to be commit 75fddbbc0811010a28ca5bb597b573b3f10ef6d6)
2007-10-10r20275: we should check for the oid the caller gave us!Stefan Metzmacher1-1/+1
metze (This used to be commit 4b9e196288f2deb3594db9ba2dd36d774e774574)
2007-10-10r20274: add missing return statement and make it more explicit that we ↵Stefan Metzmacher1-2/+3
return a NULL DATA_BLOB metze (This used to be commit 7256481f08b5e860308e73c2b51926b55b1f4c43)
2007-10-10r19677: Fix more dependencies.Jelmer Vernooij1-1/+1
(This used to be commit 17c2557834aad8c85fb640054c942f99bbce1d94)
2007-10-10r19664: fix compiler warnings...Stefan Metzmacher2-19/+19
should _krb5_find_type_in_ad() also take a const? metze (This used to be commit addc31bd9309cb2b41cbb548c82c80de1cf96c4f)
2007-10-10r19633: Merge to lorikeet-heimdal, removing krb5_rd_req_return_keyblock in ↵Andrew Bartlett3-103/+102
favour of a more tasteful replacement. Remove kerberos_verify.c, as we don't need that code any more. Replace with code for using the new krb5_rd_req_ctx() borrowed from Heimdal's accecpt_sec_context.c Andrew Bartlett (This used to be commit 13c9df1d4f0517468c80040d3756310d4dcbdd50)
2007-10-10r19604: This is a massive commit, and I appologise in advance for it's size.Andrew Bartlett4-23/+24
This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised it's internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behavour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett5-17/+6
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r19568: When we get back a skew error, try with no skew. This allows us toAndrew Bartlett2-42/+50
recover from inheriting an invalid skew from a ccache. Andrew Bartlett (This used to be commit 4881f0583dd42083bb2bc2eeca32316f890c4804)
2007-10-10r19523: Remove unused functions.Andrew Bartlett1-152/+0
Andrew Bartlett (This used to be commit 3a3c1040a97e1d7d64e9e151ea4e1af79dcb976e)