summaryrefslogtreecommitdiff
path: root/source4/kdc/config.mk
AgeCommit message (Collapse)AuthorFilesLines
2010-01-28s4:kdc move db functions in their own fileSimo Sorce1-1/+13
Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-27s4:windc move windc plugin in its own fileSimo Sorce1-3/+15
Keep all heimdal related plugin code within wdc-samba4.c Leave only interfaces common to multiple plugins in pac-glue.c
2010-01-22s4:kdc Simplify header filesSimo Sorce1-1/+0
2010-01-08s4:kdc: use LIBSAMBA_TSOCKETStefan Metzmacher1-1/+1
metze
2009-12-19s4:kdc: convert UDP based communication to tdgram_contextStefan Metzmacher1-1/+2
metze
2009-07-28s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett1-3/+15
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27Revert "s4:kerberos Add 'net export keytab' command for wireshark decryption"Stefan Metzmacher1-14/+2
This reverts commit a40ce5d0d9d06f592a8885162bbaf644006b9f0f. This breaks the build... Andrew, please repush it, when it's fixed:-) metze
2009-07-27s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett1-2/+14
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-05-26Don't use crossRef records to find our own domainAndrew Bartlett1-2/+2
A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett
2008-12-22s4: Fix subsystem for various services in samba daemon.Jelmer Vernooij1-1/+1
2008-09-29Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc.Andrew Bartlett1-4/+4
This avoids one more custom patch to the Heimdal code, and provides a more standard way to produce hdb plugins in future. I've renamed from hdb_ldb to hdb_samba4 as it really is not generic ldb. Andrew Bartlett
2008-09-24Rename smbd -> samba.Jelmer Vernooij1-1/+1
This reverts commit 05ea5e23cf4e70de0bd658b1c5c0ead133967091. Conflicts: source4/smbd/server.c
2008-08-01kdc: use mostly only public kerberos headersStefan Metzmacher1-3/+3
We shoule avoid using the private heimdal function _krb5_principalname2krb5_principal() metze (This used to be commit 10db07c69addce6e90851fb55738d5f9e142946b)
2008-05-31Revert Jelmer's CFLAGS commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6cAndrew Bartlett1-2/+1
This commit broke the build, because not all files (libreplace, popt) were updated. Andrew Bartlett (This used to be commit 3faacf4351d68a10aea78b53768571d2059772ae)
2008-05-30Move CFLAGS handling out of smb_build.Jelmer Vernooij1-1/+2
(This used to be commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6c)
2008-05-18Fix a couple (well, little more than that..) of typos.Jelmer Vernooij1-1/+1
(This used to be commit a6b52119940a900fb0de3864b8bca94e2965cc24)
2008-05-18Create prototype headers from Makefile directory, without smb_build in the ↵Jelmer Vernooij1-1/+1
middle. (This used to be commit f4a77b96f9c17d853348b70794026e5b9e384942)
2008-05-18Use variables for source directory in a couple more places.Jelmer Vernooij1-2/+2
(This used to be commit 56bb2907c67d55967f54ce74b029f05067a187c5)
2008-03-08Fix the build.Jelmer Vernooij1-1/+1
(This used to be commit f2e49744717eb46bbfafeea9e2eb412a38a142e7)
2008-03-04Fix the build.Jelmer Vernooij1-2/+2
(This used to be commit 49ef8d0c197fa61dc5c524e4a0f569af72d3c0e9)
2008-03-03Move object file lists to the Makefile.Jelmer Vernooij1-6/+3
(This used to be commit a7e6d2a1832db388fdafa1279f84c9a8bbfc87d6)
2008-02-18Fix unresolved symbols.Jelmer Vernooij1-1/+2
(This used to be commit dbcecb6d8fe3e13cc4da003adeda7623b746b751)
2007-12-21r26504: Don't rely on system-provided kerberos headers.Jelmer Vernooij1-1/+1
(This used to be commit c4b1df047663519300370508761c70b0c096b7f2)
2007-12-21r26357: Add separate subsystem for auth_sam_reply parsing.Jelmer Vernooij1-1/+1
(This used to be commit 2d61e7c96e249d7031b709e9f727626a78e435f1)
2007-10-10r22762: Some ldb_map changes:Jelmer Vernooij1-2/+2
* Change license to LGPL, so it can be used by non-Samba users of LDB (cleared with Martin as well). * Include ldb_map in standalone build. * Move ldb_map to its own directory (This used to be commit a90202abca26c0da5425a2f3dd8494077c3290fd)
2007-10-10r22403: this dependencies should be privateStefan Metzmacher1-2/+2
metze (This used to be commit c3cc03ffb290cb7c1eba51e98c52e5e7c1aba5fb)
2007-10-10r20661: the golden rule: "make things private if possible!"Stefan Metzmacher1-1/+1
fix 'make install' because no entry was in the headermap metze (This used to be commit 2a9d6d381d991977be10b525c88fb279237bafd9)
2007-10-10r20639: Commit part 1 of 2.Andrew Bartlett1-0/+1
This patch updates our build system and glue to support a new snapshot of lorikeet-heimdal. We now procude a [SUBSYTEM] in the ans1_deps.pl script, and can depend on that in the heimdal_build/config.mk. This is much easier than listing every generated .o file individually. This required some small changes to the build system, due to the way the parent directory was handled for the output of scripts. I've also cleaned up et_deps.pl to handle cleaning up it's generated files on clean. The PAC glue in Heimdal has changed significantly: we no longer have a custom hack in the KDC, instead we have the windc plugin interface. As such, pac-glue.c is much smaller. In the future, when I'm confident of the new code, we will also be able to 'downsize' auth/kerberos/kerberos_pac.c. (I'll include the updated copy of heimdal in the next chekin, to make it clearer what's changed in Samba4 itself). Andrew Bartlett (This used to be commit 75fddbbc0811010a28ca5bb597b573b3f10ef6d6)
2007-10-10r15379: Fix shared library build's unresolved dependenciesJelmer Vernooij1-1/+1
(This used to be commit 0fafa2e59566f8f892d7dfd7dd33d0100b96a780)
2007-10-10r15338: Fix build of most things with shared libs enabled.Jelmer Vernooij1-1/+1
(This used to be commit 8985093d3fba90287bd739aaaa0fbfdadca2b999)
2007-10-10r15301: Use static libraries internally. This required a few hacks in the buildJelmer Vernooij1-1/+3
system - these should be removed later on. (This used to be commit 06547391669e064d2b92f5841b7df5f101a34cb9)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij1-1/+1
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r15270: Rename EXTRA_CFLAGS to CFLAGS - initial work on getting DSO's ↵Jelmer Vernooij1-1/+1
working again. (This used to be commit 33e4b92c46f272478b3c9e433f910dbbaab52af8)
2007-10-10r15223: Move heimdal's -I parameters from the global list of includes toJelmer Vernooij1-1/+2
the subsystems in question (This used to be commit 2fbb4d91fa580ccb64e36f0b082f23af33123b13)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-2/+2
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r14571: More improvements on shared library support in Samba. Only ldb is ↵Jelmer Vernooij1-1/+1
left now... (This used to be commit e71cca7f0cec62357eba6ba02d13f1c3f04edaa7)
2007-10-10r14567: Make some more functions public.Jelmer Vernooij1-1/+1
(This used to be commit 8e84e6cb6b172c89072723e07f344da8f4476c1f)
2007-10-10r14477: Remove the NOPROTO property - it's no longer used as proto.h is gone.Jelmer Vernooij1-2/+0
(This used to be commit 9c37f847d32d2f327a88c53a90af0c73126b76be)
2007-10-10r13960: Generate makefile rules for installing/removing shared modules.Jelmer Vernooij1-2/+2
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
2007-10-10r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in ourAndrew Bartlett1-2/+13
case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij1-1/+1
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r12179: Allow our KDC to use LDAP to get to the backend database.Andrew Bartlett1-0/+1
To avoid a circular depenency, it is not allowed to use Krb5 as an authentication mechanism, so this must be removed from the list. An extension to the credentials system allows this function. Also remove proto.h use for any of the KDC, and use NTSTATUS returns in more places. Andrew Bartlett (This used to be commit 5f9dddd02c9c821675d2ccd07561a55edcd7f5b4)
2007-10-10r11244: Relative path names in .mk filesJelmer Vernooij1-4/+4
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
2007-10-10r11239: Use ${REALM} for the realm in rootdse.ldifAndrew Bartlett1-1/+2
Add the kpasswd server to our KDC, implementing the 'original' and Microsoft versions of the protocol. This works with the Heimdal kpasswd client, but not with MIT, I think due to ordering issues. It may not be worth the pain to have this code go via GENSEC, as it is very, very tied to krb5. This gets us one step closer to joins from Apple, Samba3 and other similar implementations. Andrew Bartlett (This used to be commit ab5dbbe10a162286aa6694c7e08de43b48e34cdb)
2007-10-10r7993: Further work on the Krb5 PAC.Andrew Bartlett1-1/+2
We now generate the PAC, and can verifiy both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into a auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be veified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
2007-10-10r7352: the internal heimdal build change. This changes quite a few things:Andrew Tridgell1-1/+1
- if you want kerberos now, you need to unpack a lorikeet heimdal tree in source/heimdal/. If source/heimdal/ does not exist at configure time then all kerberos features are disabled. You cannot use an external kerberos library for now. That may change later. - moved lib/replace/ config stuff to lib/replace/ and create a lib/replace/replace.h. That allows the heimdal build to use our portability layer, and prevenets duplicate definitions of functions like strlcat() - if you do enable heimdal, then you will need to do 'make HEIMDAL_EXTERNAL' before you build Samba. That should be fixed once I explain the problem to jelmer (the problem is the inability to set a depend without also dragging in the object list of the dependency. We need this for building the heimdal asn1 compiler and et compiler. - disabled all of the m4 checks for external kerberos libraries. I left them in place in auth/kerberos/, but disabled it in configure.in some of the heimdal_build/ code is still very rough, for example I don't correctly detect the correct awk, flex, bison replacements for heimdal_build/build_external.sh. I expect to fix that stuff up over the next few days. (This used to be commit d4648249b2c7fc8b5e7c0fc8d8f92ae043b5691f)
2007-10-10r7304: Make the libkdc actually work:Andrew Bartlett1-1/+1
- Remove (some) excess logging - use samdb_connect() to hook into the right handling for multiple tdb handles - move the connect to the server startup, rather than per-packet. - Fix config.mk dependency Tested with a WinXP domain join. Andrew Bartlett (This used to be commit 13cf51612d91385c6df5deadbf126bcc583f797d)
2007-10-10r7303: autodetect the libkdc and our kdc supportStefan Metzmacher1-1/+1
btw: I use this for configuring heimdal >>> CONFIG="CFLAGS=\"-g -O -Wall -Wstrict-prototypes -Wpointer-arith -Wcast-align -Wwrite-strings -Wdeclaration-after-statement\" \ CC=gcc-4.0 \ ./configure -C --prefix=$HOME/prefix/heimdal-test \ --sysconfdir=/etc \ --enable-shared=no \ --with-ldb=$HOME/prefix/ldb \ --without-openldap \ --without-openssl $@" echo $CONFIG eval $CONFIG >>> maybe you also want to use --disable-berkeley-db metze (This used to be commit 2aec140e00770df78ba31ef91109634ce0aa3d8a)
2007-10-10r7264: fix up the socket handling for abartlet. Still only udp, but it won'tAndrew Tridgell1-3/+3
be hard to do tcp as well. (This used to be commit 7cbb95d3f55dbaf9ca606655377682841e4c534d)
2007-10-10r7241: The KDC almost links...Andrew Bartlett1-1/+2
Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)