path: root/source4/kdc/kdc.c
Age | Commit message | Author | Files | Lines
2012-01-12 | s4-kdc Do the KDC PAC checksum validation in the Samba plugin | Andrew Bartlett | 1 | -26/+3
Here we can fetch the right key, and check if the PAC is likely to be signed by a key that we know. We cannot check the KDC signature on incoming trusts. Andrew Bartlett
2012-01-12 | s4-kdc: use IDL constant NETLOGON_GENERIC_KRB5_PAC_VALIDATE | Andrew Bartlett | 1 | -1/+1
2011-11-30 | s4-kdc: Add hdb plugin for samba4, to allow kadmin to work | Andrew Bartlett | 1 | -2/+1
This will help users who are used to the kadmin interface, and could be extended to import existing MIT or Heimdal keys into a Samba4 AD domain. To use, add to your krb5.conf

    [kdc]
    database = {
        dbname = samba4:
    }

or

    [kdc]
    database = {
        dbname = samba4:/usr/local/samba/etc/smb.conf
    }

And copy hdb_samba4.so from PREFIX/modules/hdb to your Heimdal lib directory

Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Wed Nov 30 03:22:11 CET 2011 on sn-devel-104
2011-07-20 | s4:kdc: restore the behavior before the last heimdal import | Stefan Metzmacher | 1 | -8/+16
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jul 20 12:12:38 CEST 2011 on sn-devel-104
2011-07-15 | s4:kdc: set *_strongest_*_key to true to restore the old behavior | Stefan Metzmacher | 1 | -0/+13
TODO: check why this is needed. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jul 15 12:26:25 CEST 2011 on sn-devel-104
2011-06-20 | libcli/util Rename common map_nt_error_from_unix to avoid duplicate symbol | Andrew Bartlett | 1 | -2/+2
The two error tables need to be combined, but for now separate the names. (As the common parts of the tree now use the _common function, errmap_unix.c must be included in the s3 autoconf build). Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
2011-06-06 | s4-ipv6: update callers to load_interface_list() | Andrew Tridgell | 1 | -1/+1
2011-06-06 | s4-ipv6: use iface_list_wildcard() to listen on IPv6 | Andrew Tridgell | 1 | -12/+17
when we need to listen on a wildcard address, we now listen on a list of sockets, usually 0.0.0.0 and ::
2011-05-08 | s4-interfaces Rename interfaces code so not to conflict with source3/ | Andrew Bartlett | 1 | -4/+4
The iface_count, iface_n_bcast, and load_interfaces functions conflicted with functions of the same name in source3, so the source4 functions were renamed. Hopefully we can actually wrap one around the other in future. Andrew Bartlett
2011-03-19 | source4/kdc: Fix prototypes for all functions. | Jelmer Vernooij | 1 | -0/+2
2011-03-04 | s4:kdc: split the kdc_tcp_proxy() logic from the main kdc logic | Stefan Metzmacher | 1 | -4/+123
By having kdc_tcp_proxy_send/recv(), which just asks any writeable dc for a response blob, we simplify the interaction between client-local and local-writeable sockets. This allows us to make kdc_socket, kdc_process_fn_t, kdc_tcp_call and kdc_tcp_socket private to kdc.c again. metze
2011-03-04 | s4:kdc: split the kdc_udp_proxy() logic from the main kdc logic | Stefan Metzmacher | 1 | -2/+66
By having kdc_udp_proxy_send/recv(), which just asks any writeable dc for a response blob, we simplify the interaction between client-local and local-writeable sockets. This allows us to make kdc_udp_call and kdc_udp_socket private to kdc.c again. metze
2011-03-04 | s4:kdc: add a kdc_proxy_unavailable_error() helper function | Stefan Metzmacher | 1 | -0/+24
metze
2010-12-12 | s4:kdc/*.c - minimise includes | Matthias Dieter Wallnöfer | 1 | -10/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Dec 12 15:20:46 CET 2010 on sn-devel-104
2010-12-01 | s4:heimdal: import lorikeet-heimdal-201012010201 (commit 81fe27bcc0148d410ca4617f8759b9df1a5e935c) | Andrew Bartlett | 1 | -5/+6
2010-11-15 | s4-kdc update startup routines after heimdal update | Andrew Bartlett | 1 | -1/+13
We should check the errors from krb5_kdc_windc_init and we now need to additionally run krb5_kdc_pkinit_config() Andrew Bartlett
2010-11-15 | s4-kdc: if "bind interfaces only" is false, then also listen on wildcard | Andrew Tridgell | 1 | -20/+44
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 15 00:13:59 UTC 2010 on sn-devel-104
2010-11-12 | s4-kdc: added proxying of kdc requests for RODCs | Andrew Tridgell | 1 | -53/+53
when we are an RODC and we get a request for a principal that we don't have the right secrets for, we need to proxy the request to a writeable DC. This happens for both TCP and UDP requests, for both krb5 and kpasswd Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104
2010-11-12 | s4-kdc: split the kdc process return into a tri-state | Andrew Tridgell | 1 | -24/+24
this is in preparation for doing forwarding of packets for RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-12 | s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.h | Andrew Tridgell | 1 | -1/+1
kdc.h conflicts with a heimdal header name
2010-10-30 | s4-smbd: don't initialise process models more than once | Andrew Tridgell | 1 | -1/+1
this also removes the event_context parameter from process model initialisation. It isn't needed, and is confusing when a process model init can be called from more than one place, possibly with different event contexts. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-03 | s4-kdc Fix up after import of new lorikeet-heimdal | Andrew Bartlett | 1 | -2/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Oct 3 01:56:04 UTC 2010 on sn-devel-104
2010-09-29 | s4-kdc Handle the case where we may be given a ticket from an RODC in db layer | Andrew Bartlett | 1 | -0/+1
This includes rewriting the PAC if the original krbtgt isn't to be trusted, and reading different entries from the DB for the krbtgt depending on the krbtgt number. Andrew Bartlett
2010-07-16 | s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 1 | -7/+7
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-26 | s4:kdc/kdc.c - add cast to suppress warnings on Solaris 10 cc | Matthias Dieter Wallnöfer | 1 | -2/+2
2010-05-18 | Finish removal of iconv_convenience in public API's. | Jelmer Vernooij | 1 | -3/+1
2010-02-26 | s4-kdc: Fixed the memory context of tstream_bsd_existing() | Andreas Schneider | 1 | -1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-28 | s4:kdc remove dead code and comments | Simo Sorce | 1 | -5/+0
2010-01-28 | s4:kdc move db functions in their own file | Simo Sorce | 1 | -0/+1
Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary parameters from function prototypes
2010-01-28 | s4:kdc Use better db context structure | Simo Sorce | 1 | -12/+12
This allows to use a common structure not tied to hdb_samba4 Also allows to avoid many casts within hdb_samba4 functions This is the first step to abstract samba kdc database functions so they can be used by the MIT forthcoming plugin.
2010-01-27 | s4:windc move windc plugin in its own file | Simo Sorce | 1 | -0/+1
Keep all heimdal related plugin code within wdc-samba4.c Leave only interfaces common to multiple plugins in pac-glue.c
2010-01-11 | Fix comment/debug messages | Simo Sorce | 1 | -4/+4
2010-01-08 | s4-kdc: Migrate tcp connections to tsocket. | Andreas Schneider | 1 | -89/+188
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-08 | s4:kdc: the ->process function returns "bool" | Stefan Metzmacher | 1 | -9/+9
metze
2009-12-24 | s4:kdc: use the remote and local address from the stream_connection struct | Stefan Metzmacher | 1 | -41/+2
metze
2009-12-23 | s4:cleanups More trailing spaces and tabs | Simo Sorce | 1 | -45/+45
2009-12-19 | s4:kdc: setup the local and remote tsocket_address at accept time | Stefan Metzmacher | 1 | -44/+49
metze
2009-12-19 | s4:kdc: convert UDP based communication to tdgram_context | Stefan Metzmacher | 1 | -176/+136
metze
2009-12-15 | s4-kdc: Migrate to tsocket_address. | Andreas Schneider | 1 | -12/+57
2009-12-01 | s4:kdc - Merged kdc_tcp_accept() and kpasswdd_tcp_accept(). | Endi S. Dewata | 1 | -26/+6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-01 | s4:kdc - Merged kdc_add_kdc_socket() and kdc_add_kpasswd_socket(). | Endi S. Dewata | 1 | -75/+27
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-01 | s4:kdc - Disable KDC port when it's set to 0. | Endi S. Dewata | 1 | -42/+63
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-10-14 | s4: Changes the old occurrences of "lp_realm" in "lp_dnsdomain" where needed | Matthias Dieter Wallnöfer | 1 | -1/+1
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-09-18 | s4-server: kill main daemon if a task fails to initialise | Andrew Tridgell | 1 | -14/+14
When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
2009-07-28 | s4:kerberos Add 'net export keytab' command for wireshark decryption | Andrew Bartlett | 1 | -9/+0
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 domain. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27 | s4:kdc Push context to hdb_samba4 by way of the 'name' of the DB | Andrew Bartlett | 1 | -5/+10
This overloads the 'name' part of the keytab name to supply a context pointer, and so avoids 3 global variables! To do this, we had to stop putting the entry for kpasswd into the secrets.ldb. (I don't consider this a big loss, and any entry left there by an upgrade will be harmless). Andrew Bartlett
2009-07-27 | s4:kdc Tidy up hdb_samba4 some more | Andrew Bartlett | 1 | -19/+11
This removes the last use of the prefix hdb_ldb and makes it clear that we pass in 3 global variables to get state information into hdb_samba4 when used as a keytab. (And that they belong to hdb_samba4, not to the KDC) Andrew Bartlett
2009-06-12 | s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba) | Andrew Bartlett | 1 | -2/+4
Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-03-26 | s4:kdc: use krb5_data_free() | Stefan Metzmacher | 1 | -1/+1
metze
2009-02-02 | s4:service_stream: s/private/private_data | Stefan Metzmacher | 1 | -4/+4
metze