summaryrefslogtreecommitdiff
path: root/source4/kdc/kdc.c
AgeCommit message (Collapse)AuthorFilesLines
2008-10-20Ensure the hdb_method structure is not on the stack.Andrew Bartlett1-5/+5
We supply this to krb5 as a plugin, so we must keep it around as long as the krb5_context. Andrew Bartlett
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-29Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc.Andrew Bartlett1-1/+16
This avoids one more custom patch to the Heimdal code, and provides a more standard way to produce hdb plugins in future. I've renamed from hdb_ldb to hdb_samba4 as it really is not generic ldb. Andrew Bartlett
2008-09-22This torture test and skipping of the server-side check was bogus.Andrew Bartlett1-3/+1
The IDL is declared to force the MessageType to 3 on output, so we instead checked the same thing 255 times... Andrew Bartlett
2008-09-22s4: allways initialize the process model before it's usedStefan Metzmacher1-1/+1
metze
2008-09-05Update copyrightAndrew Bartlett1-1/+1
(This used to be commit edea162a0e11f03b4b6069388abbca099f097386)
2008-09-03Implement NETLOGON PAC verfication on the server-sideAndrew Bartlett1-0/+112
This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon. Andrew Bartlett (This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
2008-06-04kdc: we don't need any *_locl.h header from heimdal in the kdcStefan Metzmacher1-4/+1
metze (This used to be commit feca16dd6d03730b4a67adf5d912ba2d5e1a3025)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-1/+1
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-03-19Merge lorikeet-heimdal -r 787 into Samba4 tree.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit d88b530522d3cef67c24422bd5182fb875d87ee2)
2008-02-21Remove yet more uses of global_loadparm.Jelmer Vernooij1-1/+4
(This used to be commit e01c1e87c0fe9709df7eb5b863f7ce85564174cd)
2008-02-04Remove useless layer of indirection, where every service calledAndrew Bartlett1-11/+1
task_service_init() manually. Now this is called from service.c for all services. Andrew Bartlett (This used to be commit 9c9a4731cafd0dcf6c8523a7b06759cd4f14e4db)
2008-02-04Rework service init functions to pass down service name. This isAndrew Bartlett1-1/+1
needed to change prefork behaviour based on what service is being started. Andrew Bartlett and David Disseldorp (This used to be commit 0d830580e3539c96da3aa6c72fafe6eacd7a74a0)
2008-01-05r26672: Janitorial: Remove uses of global_loadparm.Jelmer Vernooij1-3/+7
(This used to be commit 18cd08623eaad7d2cd63b82ea5275d4dfd21cf00)
2007-12-21r26402: Require a talloc context in libnetif.Jelmer Vernooij1-1/+1
(This used to be commit a35e51871bbf1ab33fc316fa59e597b722769c50)
2007-12-21r26401: Don't cache interfaces context in libnetif.Jelmer Vernooij1-6/+11
(This used to be commit 9f975417cc66bfd4589da38bfd23731dbe0e6153)
2007-12-21r26325: Remove use of global_loadparm in netif.Jelmer Vernooij1-3/+3
(This used to be commit e452cb28594f23add7c00247ed39e8323aea78a6)
2007-12-21r26313: Fix more uses of static loadparm.Jelmer Vernooij1-2/+6
(This used to be commit 6fd0d9d3b75546d08c24c513e05b1843d5777608)
2007-12-21r26274: Some syntax fixes, remove more global_loadparm instances.Jelmer Vernooij1-1/+2
(This used to be commit 3809113d86dbd35b906356a05bb481a1e2bfe4b7)
2007-12-21r26237: Add loadparm context to the server service interface.Jelmer Vernooij1-0/+1
(This used to be commit 1386c5c92505a950c65411b8af74d703ce023f95)
2007-12-21r26233: Pass loadparm context when creating krb5 contexts.Jelmer Vernooij1-1/+1
(This used to be commit 7780bf285fdfc30f89409d0436bad0d4b6de5cd4)
2007-12-21r26229: Set loadparm context as opaque pointer in ldb, remove more uses of ↵Jelmer Vernooij1-5/+5
global_loadparm. (This used to be commit 37d05fdc7b0e6b3211ba6ae56b1b5da30a6a392a)
2007-10-10r25548: Convert to standard bool type.Jelmer Vernooij1-4/+4
(This used to be commit 190d73b44b9b9c6dabbd26212d596d985b25edab)
2007-10-10r25398: Parse loadparm context to all lp_*() functions.Jelmer Vernooij1-3/+3
(This used to be commit 3fcc960839c6e5ca4de2c3c042f12f369ac5f238)
2007-10-10r25026: Move param/param.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit abe8349f9b4387961ff3665d8c589d61cd2edf31)
2007-10-10r25001: Fix more C++ and other warnings, fix some of the indentation with ↵Jelmer Vernooij1-4/+4
ts=4 lines that I accidently added earlier. (This used to be commit 0bcb21ed740fcec0f48ad36bbc2deee2948e8fc7)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23456: Update Samba4 to current lorikeet-heimdal.Andrew Bartlett1-15/+16
Andrew Bartlett (This used to be commit ae0f81ab235c72cceb120bcdeb051a483cf3cc4f)
2007-10-10r22969: fix some more places where we could end up with more than one eventAndrew Tridgell1-1/+1
context. We now have an event context on the torture_context, and we can also get one from the cli_credentials structure (This used to be commit c0f65eb6562e13530337c23e3447a6aa6eb8fc17)
2007-10-10r20988: Call out to Heimdal's krb5.conf processing to configure many aspectsAndrew Bartlett1-22/+19
of KDC behaviour. This should allow PKINIT to be turned on and managed with reasonable sanity. This also means that the krb5.conf in the same directory as the smb.conf will always have priority in Samba4, which I think will be useful. Andrew Bartlett (This used to be commit a50bbde81b010bc5d06e3fc3417ade44627eb771)
2007-10-10r20639: Commit part 1 of 2.Andrew Bartlett1-0/+34
This patch updates our build system and glue to support a new snapshot of lorikeet-heimdal. We now procude a [SUBSYTEM] in the ans1_deps.pl script, and can depend on that in the heimdal_build/config.mk. This is much easier than listing every generated .o file individually. This required some small changes to the build system, due to the way the parent directory was handled for the output of scripts. I've also cleaned up et_deps.pl to handle cleaning up it's generated files on clean. The PAC glue in Heimdal has changed significantly: we no longer have a custom hack in the KDC, instead we have the windc plugin interface. As such, pac-glue.c is much smaller. In the future, when I'm confident of the new code, we will also be able to 'downsize' auth/kerberos/kerberos_pac.c. (I'll include the updated copy of heimdal in the next chekin, to make it clearer what's changed in Samba4 itself). Andrew Bartlett (This used to be commit 75fddbbc0811010a28ca5bb597b573b3f10ef6d6)
2007-10-10r20152: Commit missing files from last night's commit. We no longer maintainAndrew Bartlett1-2/+1
a distinction between PDC and BDC in the configuration files, only as an entry in the ldb. Andrew Bartlett (This used to be commit dc9eee7cb37e4a6828c2cba23b0d836df9eac7b5)
2007-10-10r19604: This is a massive commit, and I appologise in advance for it's size.Andrew Bartlett1-7/+17
This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised it's internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behavour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij1-1/+1
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17586: merge lib/netif into lib/socket and use -lnsl -lsocket on theStefan Metzmacher1-1/+1
configure check for the interfaces. should fix the build on some old sun boxes metze (This used to be commit f20e251bfd9f1eb7ce5c00739631b1625a2aa467)
2007-10-10r15830: fixed two kdc memory leaksAndrew Tridgell1-1/+1
(This used to be commit cc290ece92196d2bdf39eaa9d3bb4a0af6ec782c)
2007-10-10r15356: Remove unused 'flags' argument from socket_send() and friends.Andrew Bartlett1-2/+2
This is in preperation for making TLS a socket library. Andrew Bartlett (This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
2007-10-10r14079: I just found the setproctitle library from alt linux:-)Stefan Metzmacher1-0/+2
- add set_title hook to the process models - use setproctitle library in process_model standard if available - the the title for the task servers and on connections metze (This used to be commit 526f20bbecc9bbd607595637c15fc4001d3f0c70)
2007-10-10r13926: More header splitups.Jelmer Vernooij1-0/+1
(This used to be commit 930daa9f416ecba1d75b8ad46bb42e336545672f)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-1/+2
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13516: We can't bind to both 0.0.0.0 and specific network interfaces at theAndrew Bartlett1-7/+0
same time. This was causing the kdc to shut itself down if 'bind interfaces only = no'. Andrew Bartlett (This used to be commit 02ff22a25050687478cfcca4dce35c2346cc2241)
2007-10-10r13321: Bind to each interface and to the 0.0.0.0 interface on the KDC. ThisAndrew Bartlett1-9/+24
was pointed out by Maurice Massar. It ensures we get the addresses for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over localhost). Also never run the KDC unless we are a DC. Andrew Bartlett (This used to be commit c17007918459678004a009ccaa50fb85e8b6a739)
2007-10-10r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in ourAndrew Bartlett1-2/+7
case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
2007-10-10r12804: This patch reworks the Samba4 sockets layer to use a socket_addressAndrew Bartlett1-48/+32
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2007-10-10r12682: This patch finally fixes our kpasswdd implementation to be compatibleAndrew Bartlett1-32/+54
with clients compiled against the MIT Kerberos implementation. (Which checks for address in KRB-PRIV packets, hence my comments on socket functions earlier today). It also fixes the 'set password' operation to behave correctly (it was previously a no-op). This allows Samba3 to join Samba4. Some winbindd operations even work, which I think is a good step forward. There is naturally a lot of work to do, but I wanted at least the very basics of Samba3 domain membership to be available for the tech preview. Andrew Bartlett (This used to be commit 4e80a557f9c68b01ac6d5bb05716fe5b3fd400d4)
2007-10-10r12179: Allow our KDC to use LDAP to get to the backend database.Andrew Bartlett1-6/+4
To avoid a circular depenency, it is not allowed to use Krb5 as an authentication mechanism, so this must be removed from the list. An extension to the credentials system allows this function. Also remove proto.h use for any of the KDC, and use NTSTATUS returns in more places. Andrew Bartlett (This used to be commit 5f9dddd02c9c821675d2ccd07561a55edcd7f5b4)
2007-10-10r12121: remove some dublicate codeStefan Metzmacher1-44/+19
metze (This used to be commit 2fe8a643d3d01e669d40f714d58502b00e2446c5)
2007-10-10r11968: More warning fixes. We're on track to getting to double digits forTim Potter1-4/+4
the number of warnings generated now. (This used to be commit d479f2d7607adc698d71c5ba26932c72a26dcaab)
2007-10-10r11930: Add socket/packet handling code for kpasswddAndrew Bartlett1-3/+13
Allow ticket requests with only a netbios name to be considered 'null' addresses, and therefore allowed by default. Use the netbios address as the workstation name for the allowed workstations check with krb5. Andrew Bartlett (This used to be commit 328fa186f2df5cdd42be679d92b5f07f7ed22d87)
2007-10-10r11713: separate out the setting of the fde in the packet context from theAndrew Tridgell1-1/+2
enabling of packet serialisation (This used to be commit 6a47cd65a8b588f9ddd375c57caaba08281e7cbb)
generated by cgit (git 2.34.1) at 2024-07-06 19:40:24 +0000