summaryrefslogtreecommitdiff
path: root/source4/kdc/db-glue.c
AgeCommit message (Collapse)AuthorFilesLines
2010-10-03s4:kdc/db-glue.c - remove unused variableMatthias Dieter Wallnöfer1-1/+0
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Oct 3 17:30:34 UTC 2010 on sn-devel-104
2010-10-03s4-kdc Remove special case kerberos restriction in the KDCAndrew Bartlett1-16/+0
We should avoid using Kerberos or any other recursive auth mechanism in ldb backends, but denying Kerberos here won't be enough, so remove the special case. (Typcially we bind using a different password space and DIGEST-MD5 or NTLM). Andrew Bartlett
2010-10-02s4-kdc Rework 'allowed encryption types' handling in the KDCAndrew Bartlett1-28/+44
All DCs and all krbtgt servers are forced to use AES, regardless of the msDS-SecondaryKrbTgtNumber value. Andrew Bartlett
2010-09-28s4-kdc: RODC DCs should be able to produce forwardable ticketsAndrew Tridgell1-1/+1
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-09-28s4-kdc Ensure that an RODC may act as a server (needed to fillAndrew Bartlett1-5/+24
the krbtgt role). Andrew Bartlett
2010-09-29s4-kdc Handle the case where we may be given a ticket from an RODC in db layerAndrew Bartlett1-17/+48
This includes rewriting the PAC if the original krbtgt isn't to be trusted, and reading different entries from the DB for the krbtgt depending on the krbtgt number. Andrew Bartlett
2010-09-29s4-kdc Add common setup, handle RODC setup caseAndrew Bartlett1-0/+135
This means we just set up the system_session etc in one place and don't diverge between the MIT and Heimdal plugins. We also now determine if we are an RODC and store some details that we will need later. Andrew Bartlett
2010-09-29s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNOAndrew Bartlett1-1/+18
Andrew Bartlett
2010-09-16s4-kdc: prevent segfault on bad trust stringsAndrew Tridgell1-4/+8
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-08-25s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support.Günther Deschner1-7/+7
Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-9/+9
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-29s4:kdc Rework the 'allowed enc types' calculationAndrew Bartlett1-41/+35
This changes the calculation to apply the allowed enc types to all uses of the key (no point allowing a weak kinit to a key the server wanted strongly protected). It also ensures that all the non-DES keys are available on the krbtgt in particular, even as it does not have a msds-SupportedEncryptionTypes attributes. Andrew Bartlett
2010-06-23s4:kdc Use msDS-SupportedEncTypes in our KDCAndrew Bartlett1-30/+54
We need to honour this, otherwise we will send AES-encrypted tickets to unprepared Kerberos targets. Andrew Bartlett
2010-06-20s4:kdc/db-glue.c - remove unreachable codeMatthias Dieter Wallnöfer1-4/+0
Would be nice if someone could check if this fits.
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-6/+5
2010-04-17s4:kdc/db-glue.c - use "TALLOC_FREE" insteal of "talloc_free" for the "priv" ↵Matthias Dieter Wallnöfer1-5/+5
context Also after a free "priv" could be != NULL and may be freed again. This should fix bug #7365.
2010-04-12s4:kdc/db-glue.c - fix integer counter typesMatthias Dieter Wallnöfer1-6/+7
2010-04-10s4:kdc Add functions to hdb-samba4 for the new s4u2self callback.Andrew Bartlett1-5/+7
For now, this shares the 'if it's the same host' system with the constrained delegation code. Andrew Bartlett
2010-02-16s4-dsdb: removed gendb_search_single_extended_dn()Andrew Tridgell1-13/+16
Use dsdb_search_one() instead, which allows for arbitrary controls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-12s4:kdc Fill in created_by principal fieldSimo Sorce1-4/+7
2010-02-12s4:kdc Fix double free and uninitialized memory.Simo Sorce1-2/+13
In samba_kdc_trust_message2entry() on error, hdb_free_entry() may end up trying to access uninitialized memory or double free the hdb_entry.
2010-01-28s4:kdc Fill in more data fieldsSimo Sorce1-4/+8
2010-01-28s4:kdc move db functions in their own fileSimo Sorce1-0/+1509
Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes