summaryrefslogtreecommitdiff
path: root/source4/kdc/kdc.c
AgeCommit message (Collapse)AuthorFilesLines
2011-03-19source4/kdc: Fix prototypes for all functions.Jelmer Vernooij1-0/+2
2011-03-04s4:kdc: split the kdc_tcp_proxy() logic from the main kdc logicStefan Metzmacher1-4/+123
By having kdc_tcp_proxy_send/recv(), which just asks any writeable dc for a reponse blob, we simplify the interaction between client-local and local-writeable sockets. This allows us to make kdc_socket, kdc_process_fn_t, kdc_tcp_call and kdc_tcp_socket private to kdc.c again. metze
2011-03-04s4:kdc: split the kdc_udp_proxy() logic from the main kdc logicStefan Metzmacher1-2/+66
By having kdc_udp_proxy_send/recv(), which just asks any writeable dc for a reponse blob, we simplify the interaction between client-local and local-writeable sockets. This allows us to make kdc_udp_call and kdc_udp_socket private to kdc.c again. metze
2011-03-04s4:kdc: add a kdc_proxy_unavailable_error() helper functionStefan Metzmacher1-0/+24
metze
2010-12-12s4:kdc/*.c - minimise includesMatthias Dieter Wallnöfer1-10/+1
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sun Dec 12 15:20:46 CET 2010 on sn-devel-104
2010-12-01s4:heimdal: import lorikeet-heimdal-201012010201 (commit ↵Andrew Bartlett1-5/+6
81fe27bcc0148d410ca4617f8759b9df1a5e935c)
2010-11-15s4-kdc update startup routines after heimdal updateAndrew Bartlett1-1/+13
We should check the errors from krb5_kdc_windc_init and we now need to additionally run krb5_kdc_pkinit_config() Andrew Bartlett
2010-11-15s4-kdc: if "bind interfaces only" is false, then also listen on wildcardAndrew Tridgell1-20/+44
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Mon Nov 15 00:13:59 UTC 2010 on sn-devel-104
2010-11-12s4-kdc: added proxying of kdc requests for RODCsAndrew Tridgell1-53/+53
when we are an RODC and we get a request for a principal that we don't have the right secrets for, we need to proxy the request to a writeable DC. This happens for both TCP and UDP requests, for both krb5 and kpasswd Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Nov 12 08:03:20 UTC 2010 on sn-devel-104
2010-11-12s4-kdc: split the kdc process return into a tri-stateAndrew Tridgell1-24/+24
this is in preparation for doing forwarding of packets for RODCs Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-12s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.hAndrew Tridgell1-1/+1
kdc.h conflicts with a heimdal header name
2010-10-30s4-smbd: don't initialise process models more than onceAndrew Tridgell1-1/+1
this also removes the event_context parameter from process model initialisation. It isn't needed, and is confusing when a process model init can be called from more than one place, possibly with different event contexts. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-10-03s4-kdc Fix up after import of new lorikeet-heimdalAndrew Bartlett1-2/+1
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Oct 3 01:56:04 UTC 2010 on sn-devel-104
2010-09-29s4-kdc Handle the case where we may be given a ticket from an RODC in db layerAndrew Bartlett1-0/+1
This includes rewriting the PAC if the original krbtgt isn't to be trusted, and reading different entries from the DB for the krbtgt depending on the krbtgt number. Andrew Bartlett
2010-07-16s4-loadparm: 2nd half of lp_ to lpcfg_ conversionAndrew Tridgell1-7/+7
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-06-26s4:kdc/kdc.c - add cast to suppress warnings on Solaris 10 ccMatthias Dieter Wallnöfer1-2/+2
2010-05-18Finish removal of iconv_convenience in public API's.Jelmer Vernooij1-3/+1
2010-02-26s4-kdc: Fixed the memory context of tstream_bsd_existing()Andreas Schneider1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-28s4:kdc remove dead code and commentsSimo Sorce1-5/+0
2010-01-28s4:kdc move db functions in their own fileSimo Sorce1-0/+1
Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28s4:kdc Use better db context structureSimo Sorce1-12/+12
This allows to use a common structure not tied to hdb_samba4 Also allows to avoid many casts within hdb_samba4 functions This is the first step to abstract samba kdc databse functions so they can be used by the MIT forthcoming plugin.
2010-01-27s4:windc move windc plugin in its own fileSimo Sorce1-0/+1
Keep all heimdal related plugin code within wdc-samba4.c Leave only interfaces common to multiple plugins in pac-glue.c
2010-01-11Fix comment/debug messagesSimo Sorce1-4/+4
2010-01-08s4-kdc: Migrate tcp connections to tsocket.Andreas Schneider1-89/+188
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-08s4:kdc: the ->process function returns "bool"Stefan Metzmacher1-9/+9
metze
2009-12-24s4:kdc: use the remote and local address from the stream_connection structStefan Metzmacher1-41/+2
metze
2009-12-23s4:cleanups More trailing spaces and tabsSimo Sorce1-45/+45
2009-12-19s4:kdc: setup the local and remote tsocket_address at accept timeStefan Metzmacher1-44/+49
metze
2009-12-19s4:kdc: convert UDP based communication to tdgram_contextStefan Metzmacher1-176/+136
metze
2009-12-15s4-kdc: Migrate to tsocket_address.Andreas Schneider1-12/+57
2009-12-01s4:kdc - Merged kdc_tcp_accept() and kpasswdd_tcp_accept().Endi S. Dewata1-26/+6
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-01s4:kdc - Merged kdc_add_kdc_socket() and kdc_add_kpasswd_socket().Endi S. Dewata1-75/+27
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-12-01s4:kdc - Disable KDC port when it's set to 0.Endi S. Dewata1-42/+63
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-10-14s4: Changes the old occurences of "lp_realm" in "lp_dnsdomain" where neededMatthias Dieter Wallnöfer1-1/+1
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-09-18s4-server: kill main daemon if a task fails to initialiseAndrew Tridgell1-14/+14
When one of our core tasks fails to initialise it can now ask for the server as a whole to die, rather than limping along in a degraded state.
2009-07-28s4:kerberos Add 'net export keytab' command for wireshark decryptionAndrew Bartlett1-9/+0
It is much easier to do decryption with wireshark when the keytab is available for every host in the domain. Running 'net export keytab <keytab name>' will export the current (as pointed to by the supplied smb.conf) local Samba4 doamin. (This uses Heimdal's 'hdb' keytab and then the existing hdb-samba4, and so has a good chance of keeping working in the long term). Andrew Bartlett
2009-07-27s4:kdc Push context to hdb_samba4 by way of the 'name' of the DBAndrew Bartlett1-5/+10
This overloads the 'name' part of the keytab name to supply a context pointer, and so avoids 3 global variables! To do this, we had to stop putting the entry for kpasswd into the secrets.ldb. (I don't consider this a big loss, and any entry left there by an upgrade will be harmless). Andrew Bartlett
2009-07-27s4:kdc Tidy up hdb_samba4 some moreAndrew Bartlett1-19/+11
This removes the last use of the prefix hdb_ldb and makes it clear that we pass in 3 global variables to get state information into hdb_samba4 when used as a keytab. (And that they belong to hdb_samba4, not to the KDC) Andrew Bartlett
2009-06-12s4:heimdal: import lorikeet-heimdal-200906080040 (commit ↵Andrew Bartlett1-2/+4
904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-03-26s4:kdc: use krb5_data_free()Stefan Metzmacher1-1/+1
metze
2009-02-02s4:service_stream: s/private/private_dataStefan Metzmacher1-4/+4
metze
2009-02-01s4:irpc: avoid c++ reserved word 'private'Stefan Metzmacher1-1/+1
metze
2009-02-01s4:kdc: avoid c++ reserved word 'private'Stefan Metzmacher1-6/+7
metze
2008-12-29s4:lib/tevent: rename structsStefan Metzmacher1-3/+3
list="" list="$list event_context:tevent_context" list="$list fd_event:tevent_fd" list="$list timed_event:tevent_timer" for s in $list; do o=`echo $s | cut -d ':' -f1` n=`echo $s | cut -d ':' -f2` r=`git grep "struct $o" |cut -d ':' -f1 |sort -u` files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4` for f in $files; do cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp mv $f.tmp $f done done metze
2008-12-29s4:kdc: pass down event_context explicitStefan Metzmacher1-0/+2
metze
2008-10-20Ensure the hdb_method structure is not on the stack.Andrew Bartlett1-5/+5
We supply this to krb5 as a plugin, so we must keep it around as long as the krb5_context. Andrew Bartlett
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-29Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc.Andrew Bartlett1-1/+16
This avoids one more custom patch to the Heimdal code, and provides a more standard way to produce hdb plugins in future. I've renamed from hdb_ldb to hdb_samba4 as it really is not generic ldb. Andrew Bartlett
2008-09-22This torture test and skipping of the server-side check was bogus.Andrew Bartlett1-3/+1
The IDL is declared to force the MessageType to 3 on output, so we instead checked the same thing 255 times... Andrew Bartlett
2008-09-22s4: allways initialize the process model before it's usedStefan Metzmacher1-1/+1
metze