summaryrefslogtreecommitdiff
path: root/source4/kdc/kdc.c
AgeCommit message (Collapse)AuthorFilesLines
2009-07-28s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett1-9/+0
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27s4:kdc Push context to hdb_samba4 by way of the 'name' of the DBAndrew Bartlett1-5/+10
This overloads the 'name' part of the keytab name to supply a context pointer, and so avoids 3 global variables! To do this, we had to stop putting the entry for kpasswd into the secrets.ldb. (I don't consider this a big loss, and any entry left there by an upgrade will be harmless). Andrew Bartlett
2009-07-27s4:kdc Tidy up hdb_samba4 some moreAndrew Bartlett1-19/+11
This removes the last use of the prefix hdb_ldb and makes it clear that we pass in 3 global variables to get state information into hdb_samba4 when used as a keytab. (And that they belong to hdb_samba4, not to the KDC) Andrew Bartlett
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett1-2/+4
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-03-26s4:kdc: use krb5_data_free()Stefan Metzmacher1-1/+1
metze
2009-02-02s4:service_stream: s/private/private_dataStefan Metzmacher1-4/+4
metze
2009-02-01s4:irpc: avoid c++ reserved word 'private'Stefan Metzmacher1-1/+1
metze
2009-02-01s4:kdc: avoid c++ reserved word 'private'Stefan Metzmacher1-6/+7
metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher1-3/+3
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-29s4:kdc: pass down event_context explicitStefan Metzmacher1-0/+2
metze
2008-10-20Ensure the hdb_method structure is not on the stack.Andrew Bartlett1-5/+5
We supply this to krb5 as a plugin, so we must keep it around as long as the krb5_context. Andrew Bartlett
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-29Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc.Andrew Bartlett1-1/+16
This avoids one more custom patch to the Heimdal code, and provides a more standard way to produce hdb plugins in future. I've renamed from hdb_ldb to hdb_samba4 as it really is not generic ldb. Andrew Bartlett
2008-09-22This torture test and skipping of the server-side check was bogus.Andrew Bartlett1-3/+1
The IDL is declared to force the MessageType to 3 on output, so we instead checked the same thing 255 times... Andrew Bartlett
2008-09-22s4: allways initialize the process model before it's usedStefan Metzmacher1-1/+1
metze
2008-09-05Update copyrightAndrew Bartlett1-1/+1
(This used to be commit edea162a0e11f03b4b6069388abbca099f097386)
2008-09-03Implement NETLOGON PAC verfication on the server-sideAndrew Bartlett1-0/+112
This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon. Andrew Bartlett (This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
2008-06-04kdc: we don't need any *_locl.h header from heimdal in the kdcStefan Metzmacher1-4/+1
metze (This used to be commit feca16dd6d03730b4a67adf5d912ba2d5e1a3025)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-1/+1
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-03-19Merge lorikeet-heimdal -r 787 into Samba4 tree.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit d88b530522d3cef67c24422bd5182fb875d87ee2)
2008-02-21Remove yet more uses of global_loadparm.Jelmer Vernooij1-1/+4
(This used to be commit e01c1e87c0fe9709df7eb5b863f7ce85564174cd)
2008-02-04Remove useless layer of indirection, where every service calledAndrew Bartlett1-11/+1
task_service_init() manually. Now this is called from service.c for all services. Andrew Bartlett (This used to be commit 9c9a4731cafd0dcf6c8523a7b06759cd4f14e4db)
2008-02-04Rework service init functions to pass down service name. This isAndrew Bartlett1-1/+1
needed to change prefork behaviour based on what service is being started. Andrew Bartlett and David Disseldorp (This used to be commit 0d830580e3539c96da3aa6c72fafe6eacd7a74a0)
2008-01-05r26672: Janitorial: Remove uses of global_loadparm.Jelmer Vernooij1-3/+7
(This used to be commit 18cd08623eaad7d2cd63b82ea5275d4dfd21cf00)
2007-12-21r26402: Require a talloc context in libnetif.Jelmer Vernooij1-1/+1
(This used to be commit a35e51871bbf1ab33fc316fa59e597b722769c50)
2007-12-21r26401: Don't cache interfaces context in libnetif.Jelmer Vernooij1-6/+11
(This used to be commit 9f975417cc66bfd4589da38bfd23731dbe0e6153)
2007-12-21r26325: Remove use of global_loadparm in netif.Jelmer Vernooij1-3/+3
(This used to be commit e452cb28594f23add7c00247ed39e8323aea78a6)
2007-12-21r26313: Fix more uses of static loadparm.Jelmer Vernooij1-2/+6
(This used to be commit 6fd0d9d3b75546d08c24c513e05b1843d5777608)
2007-12-21r26274: Some syntax fixes, remove more global_loadparm instances.Jelmer Vernooij1-1/+2
(This used to be commit 3809113d86dbd35b906356a05bb481a1e2bfe4b7)
2007-12-21r26237: Add loadparm context to the server service interface.Jelmer Vernooij1-0/+1
(This used to be commit 1386c5c92505a950c65411b8af74d703ce023f95)
2007-12-21r26233: Pass loadparm context when creating krb5 contexts.Jelmer Vernooij1-1/+1
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
2007-12-21r26229: Set loadparm context as opaque pointer in ldb, remove more uses of ↵Jelmer Vernooij1-5/+5
global_loadparm. (This used to be commit 37d05fdc7b0e6b3211ba6ae56b1b5da30a6a392a)
2007-10-10r25548: Convert to standard bool type.Jelmer Vernooij1-4/+4
(This used to be commit 190d73b44b9b9c6dabbd26212d596d985b25edab)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-3/+3
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25001: Fix more C++ and other warnings, fix some of the indentation with ↵Jelmer Vernooij1-4/+4
ts=4 lines that I accidently added earlier. (This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23456: Update Samba4 to current lorikeet-heimdal.Andrew Bartlett1-15/+16
Andrew Bartlett (This used to be commit ae0f81ab235c72cceb120bcdeb051a483cf3cc4f)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell1-1/+1
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r20988: Call out to Heimdal's krb5.conf processing to configure many aspectsAndrew Bartlett1-22/+19
of KDC behaviour. This should allow PKINIT to be turned on and managed with reasonable sanity. This also means that the krb5.conf in the same directory as the smb.conf will always have priority in Samba4, which I think will be useful. Andrew Bartlett (This used to be commit a50bbde81b010bc5d06e3fc3417ade44627eb771)
2007-10-10r20639: Commit part 1 of 2.Andrew Bartlett1-0/+34
This patch updates our build system and glue to support a new snapshot of lorikeet-heimdal. We now procude a [SUBSYTEM] in the ans1_deps.pl script, and can depend on that in the heimdal_build/config.mk. This is much easier than listing every generated .o file individually. This required some small changes to the build system, due to the way the parent directory was handled for the output of scripts. I've also cleaned up et_deps.pl to handle cleaning up it's generated files on clean. The PAC glue in Heimdal has changed significantly: we no longer have a custom hack in the KDC, instead we have the windc plugin interface. As such, pac-glue.c is much smaller. In the future, when I'm confident of the new code, we will also be able to 'downsize' auth/kerberos/kerberos_pac.c. (I'll include the updated copy of heimdal in the next chekin, to make it clearer what's changed in Samba4 itself). Andrew Bartlett (This used to be commit 75fddbbc0811010a28ca5bb597b573b3f10ef6d6)
2007-10-10r20152: Commit missing files from last night's commit. We no longer maintainAndrew Bartlett1-2/+1
a distinction between PDC and BDC in the configuration files, only as an entry in the ldb. Andrew Bartlett (This used to be commit dc9eee7cb37e4a6828c2cba23b0d836df9eac7b5)
2007-10-10r19604: This is a massive commit, and I appologise in advance for it's size.Andrew Bartlett1-7/+17
This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised it's internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behavour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+1
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17586: merge lib/netif into lib/socket and use -lnsl -lsocket on theStefan Metzmacher1-1/+1
configure check for the interfaces. should fix the build on some old sun boxes metze (This used to be commit f20e251bfd9f1eb7ce5c00739631b1625a2aa467)
2007-10-10r15830: fixed two kdc memory leaksAndrew Tridgell1-1/+1
(This used to be commit cc290ece92196d2bdf39eaa9d3bb4a0af6ec782c)
2007-10-10r15356: Remove unused 'flags' argument from socket_send() and friends.Andrew Bartlett1-2/+2
This is in preperation for making TLS a socket library. Andrew Bartlett (This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
2007-10-10r14079: I just found the setproctitle library from alt linux:-)Stefan Metzmacher1-0/+2
- add set_title hook to the process models - use setproctitle library in process_model standard if available - the the title for the task servers and on connections metze (This used to be commit 526f20bbecc9bbd607595637c15fc4001d3f0c70)
2007-10-10r13926: More header splitups.Jelmer Vernooij1-0/+1
(This used to be commit 930daa9f416ecba1d75b8ad46bb42e336545672f)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-1/+2
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)