Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
By having kdc_tcp_proxy_send/recv(), which just asks any writeable
dc for a reponse blob, we simplify the interaction between
client-local and local-writeable sockets.
This allows us to make kdc_socket, kdc_process_fn_t, kdc_tcp_call and kdc_tcp_socket
private to kdc.c again.
metze
|
|
By having kdc_udp_proxy_send/recv(), which just asks any writeable
dc for a reponse blob, we simplify the interaction between
client-local and local-writeable sockets.
This allows us to make kdc_udp_call and kdc_udp_socket private to
kdc.c again.
metze
|
|
metze
|
|
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Dec 12 15:20:46 CET 2010 on sn-devel-104
|
|
81fe27bcc0148d410ca4617f8759b9df1a5e935c)
|
|
We should check the errors from krb5_kdc_windc_init and we now need to
additionally run krb5_kdc_pkinit_config()
Andrew Bartlett
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Mon Nov 15 00:13:59 UTC 2010 on sn-devel-104
|
|
when we are an RODC and we get a request for a principal that we don't
have the right secrets for, we need to proxy the request to a
writeable DC. This happens for both TCP and UDP requests, for both
krb5 and kpasswd
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104
|
|
this is in preparation for doing forwarding of packets for RODCs
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
kdc.h conflicts with a heimdal header name
|
|
this also removes the event_context parameter from process model
initialisation. It isn't needed, and is confusing when a process model
init can be called from more than one place, possibly with different
event contexts.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Oct 3 01:56:04 UTC 2010 on sn-devel-104
|
|
This includes rewriting the PAC if the original krbtgt isn't to be
trusted, and reading different entries from the DB for the krbtgt
depending on the krbtgt number.
Andrew Bartlett
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
Keep all heimdal related plugin code within hdb_samba4.c
Move interfaces needed by multiple plugins in db-glue.c
Move sequence context in main db context so that we do
not depend on db->hdb_dbc in the common code.
Remove unnecessary paremeters from function prototypes
|
|
This allows to use a common structure not tied to hdb_samba4
Also allows to avoid many casts within hdb_samba4 functions
This is the first step to abstract samba kdc databse functions
so they can be used by the MIT forthcoming plugin.
|
|
Keep all heimdal related plugin code within wdc-samba4.c
Leave only interfaces common to multiple plugins in pac-glue.c
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
metze
|
|
|
|
metze
|
|
metze
|
|
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
|
|
When one of our core tasks fails to initialise it can now ask for the
server as a whole to die, rather than limping along in a degraded
state.
|
|
It is much easier to do decryption with wireshark when the keytab is
available for every host in the domain. Running 'net export keytab
<keytab name>' will export the current (as pointed to by the supplied
smb.conf) local Samba4 doamin.
(This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4,
and so has a good chance of keeping working in the long term).
Andrew Bartlett
|
|
This overloads the 'name' part of the keytab name to supply a context
pointer, and so avoids 3 global variables!
To do this, we had to stop putting the entry for kpasswd into the
secrets.ldb. (I don't consider this a big loss, and any entry left
there by an upgrade will be harmless).
Andrew Bartlett
|
|
This removes the last use of the prefix hdb_ldb and makes it clear
that we pass in 3 global variables to get state information into
hdb_samba4 when used as a keytab. (And that they belong to
hdb_samba4, not to the KDC)
Andrew Bartlett
|
|
904d0124b46eed7a8ad6e5b73e892ff34b6865ba)
Also including the supporting changes required to pass make test
A number of heimdal functions and constants have changed since we last
imported a tree (for the better, but inconvenient for us).
Andrew Bartlett
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
metze
|
|
We supply this to krb5 as a plugin, so we must keep it around as long
as the krb5_context.
Andrew Bartlett
|
|
|
|
This avoids one more custom patch to the Heimdal code, and provides a
more standard way to produce hdb plugins in future.
I've renamed from hdb_ldb to hdb_samba4 as it really is not generic
ldb.
Andrew Bartlett
|
|
The IDL is declared to force the MessageType to 3 on output, so we
instead checked the same thing 255 times...
Andrew Bartlett
|
|
metze
|