summaryrefslogtreecommitdiff
path: root/source4/kdc
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r8586: register the kdc with irpc so we can tell that it is upAndrew Tridgell1-0/+3
(This used to be commit 093bbae1c391a999131f249b3aa9a9e3ce99a555)
2007-10-10r8520: fixed a pile of warnings from the build farm gcc -Wall output onAndrew Tridgell2-4/+7
S390. This is an attempt to avoid the panic we're seeing in the automatic builds. The main fixes are: - assumptions that sizeof(size_t) == sizeof(int), mostly in printf formats - use of NULL format statements to perform dn searches. - assumption that sizeof() returns an int (This used to be commit a58ea6b3854973b694d2b1e22323ed7eb00e3a3f)
2007-10-10r8511: This 'can't happen', but GCC gives warnings because it thinks it can.Andrew Bartlett1-2/+6
Andrew Bartlett (This used to be commit 40088b9566e8f63897958fc99d99dedb38e0cb69)
2007-10-10r8363: - we need to correct the realm for the krbtgt/NETBIOSDOMAINREALMStefan Metzmacher1-7/+24
into krbtgt/DNS.DOMAIN.REALM too with this a windows client asks for the correct ticket when you try to login (but it's still not working correct, as some how we mess up the dns host name of the client and it asks for the wrong service principal) - fix some compiler wranings - fix some debug messages metze (This used to be commit c4c93eeec20ceb062d37f392139a5ef8bbb626f5)
2007-10-10r8249: Clarify (with a comment) why we are playing these games here.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit 33dcbe938df532e63b9c02c2b6cef11090021481)
2007-10-10r8181: Allow host/foo.realm/realm@REALM requests, assuming that the realmAndrew Bartlett1-1/+9
forms both differ only in case. We may need a better solution than this later. Andrew Bartlett (This used to be commit a0ad13f5bceb17c1b856548825e5509921b409f0)
2007-10-10r8161: Update Samba4 for the new Heimdal update.Andrew Bartlett2-2/+2
Andrew Bartlett (This used to be commit 6a9b6373273f135fe012a6603707d77c2a65e9fa)
2007-10-10r8110: More PAC work. I still can't get WinXP to accept the PAC, but we areAndrew Bartlett1-2/+10
much closer. This changes PIDL to allow a subcontext to have a pad8 flag, saying to pad behind to an 8 byte boundary. This is the only way I can explain the 4 trainling zeros in the signature struct. Far more importantly, the PAC code is now under self-test, both in creating/parsing our own PAC, but also a PAC from my win2k3 server. This required changing auth_anonymous, because I wanted to reuse the anonymous 'server_info' generation code. I'm still having trouble with PIDL, particulary as surrounds value(), but I'll follow up on the list. Andrew Bartlett (This used to be commit 50a54bf4e9bf04d2a8e0aebb3482a2ff655c8bbb)
2007-10-10r8013: Remember to add the header containing the prototype for the pacAndrew Bartlett2-0/+8
generating function... Andrew Bartlett (This used to be commit 707cf5fba8e5652043d392d3ee77d042eb9c3a90)
2007-10-10r8001: Also fill in the krbtgt checksum, and make sure to put the rightAndrew Bartlett1-3/+4
checksum in the right place... Andrew Bartlett (This used to be commit 90d0f502da20add6784c883b2085cde519604933)
2007-10-10r7993: Further work on the Krb5 PAC.Andrew Bartlett5-7/+93
We now generate the PAC, and can verifiy both our own PAC and the PAC from Win2k3. This commit adds the PAC generation code, spits out the code to get the information we need from the NETLOGON server back into a auth/ helper function, and adds a number of glue functions. In the process of building the PAC generation code, some hints in the Microsoft PAC specification shed light on other parts of the code, and the updates to samr.idl and netlogon.idl come from those hints. Also in this commit: The Heimdal build package has been split up, so as to only link the KDC with smbd, not the client utils. To enable the PAC to be veified with gensec_krb5 (which isn't quite dead yet), the keyblock has been passed back to the calling layer. Andrew Bartlett (This used to be commit e2015671c2f7501f832ff402873ffe6e53b89466)
2007-10-10r7969: It seems reasonable that our tickets be marked renewable, in theAndrew Bartlett1-0/+2
absense of an apparent AD flag to control this behaviour. Andrew Bartlett (This used to be commit 9886aa6f0e64cdb30774bfba3f2c683a3dbec9c4)
2007-10-10r7911: task_terminate() is defined in the macosx headers, so change the nameAndrew Tridgell1-7/+7
to task_server_terminate() (This used to be commit a7447e25ac203f0ee09ffdf72df1094eb70e7c0c)
2007-10-10r7765: Thanks to Maurice Massar <massar@unix-ag.uni-kl.de> for spotting thatAndrew Bartlett1-1/+1
I missed one spot in moving from hdb_ent_type to the internal-to-hdb-ldb hdb_ldb_ent_type, which results in a Kerberos: Server has invalid flag set -- krbtgt/....@.... on kinit. Andrew Bartlett (This used to be commit 2358e0c0e4f2a3db78a8db360abc296f98bcb549)
2007-10-10r7680: Move to using our own private enum for the principal type inside theAndrew Bartlett1-30/+40
hdb-ldb module. This removes the need for the KRBTGT case to exist in the broader heimdal code. Andrew Bartlett (This used to be commit fb83465dbccae8af5eb26f735e60f3f40e944446)
2007-10-10r7651: Only convert SERVER requests to KRBTGT requests.Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit a948e743bbc691798e6a956b35d8e09cfc91f988)
2007-10-10r7520: Fix memory leak in hdb-ldb.cAndrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit 7f6a7f7fc521f41c811c51fb692f408dc570f4cd)
2007-10-10r7508: Fix memory leak of outgoing packets in the KDC.Andrew Bartlett1-0/+3
Andrew Bartlett (This used to be commit 6f7bb00c7e59444cde0c25b6f83e1c335d86ee32)
2007-10-10r7484: the previous bug can also affect the kdcAndrew Tridgell1-1/+2
(This used to be commit ee8bf9db4a619b40ae71b5e97ea7640483587573)
2007-10-10r7352: the internal heimdal build change. This changes quite a few things:Andrew Tridgell3-3/+3
- if you want kerberos now, you need to unpack a lorikeet heimdal tree in source/heimdal/. If source/heimdal/ does not exist at configure time then all kerberos features are disabled. You cannot use an external kerberos library for now. That may change later. - moved lib/replace/ config stuff to lib/replace/ and create a lib/replace/replace.h. That allows the heimdal build to use our portability layer, and prevenets duplicate definitions of functions like strlcat() - if you do enable heimdal, then you will need to do 'make HEIMDAL_EXTERNAL' before you build Samba. That should be fixed once I explain the problem to jelmer (the problem is the inability to set a depend without also dragging in the object list of the dependency. We need this for building the heimdal asn1 compiler and et compiler. - disabled all of the m4 checks for external kerberos libraries. I left them in place in auth/kerberos/, but disabled it in configure.in some of the heimdal_build/ code is still very rough, for example I don't correctly detect the correct awk, flex, bison replacements for heimdal_build/build_external.sh. I expect to fix that stuff up over the next few days. (This used to be commit d4648249b2c7fc8b5e7c0fc8d8f92ae043b5691f)
2007-10-10r7304: Make the libkdc actually work:Andrew Bartlett3-58/+11
- Remove (some) excess logging - use samdb_connect() to hook into the right handling for multiple tdb handles - move the connect to the server startup, rather than per-packet. - Fix config.mk dependency Tested with a WinXP domain join. Andrew Bartlett (This used to be commit 13cf51612d91385c6df5deadbf126bcc583f797d)
2007-10-10r7303: autodetect the libkdc and our kdc supportStefan Metzmacher2-1/+6
btw: I use this for configuring heimdal >>> CONFIG="CFLAGS=\"-g -O -Wall -Wstrict-prototypes -Wpointer-arith -Wcast-align -Wwrite-strings -Wdeclaration-after-statement\" \ CC=gcc-4.0 \ ./configure -C --prefix=$HOME/prefix/heimdal-test \ --sysconfdir=/etc \ --enable-shared=no \ --with-ldb=$HOME/prefix/ldb \ --without-openldap \ --without-openssl $@" echo $CONFIG eval $CONFIG >>> maybe you also want to use --disable-berkeley-db metze (This used to be commit 2aec140e00770df78ba31ef91109634ce0aa3d8a)
2007-10-10r7297: make the code more readableStefan Metzmacher1-6/+8
metze (This used to be commit f9b4448ec536ea23699d959bcf44e359d5c4ba23)
2007-10-10r7272: this is a sample mk file for building a heimdal library using theAndrew Tridgell1-0/+340
samba4 build system. It assumes we have source/heimdal/ with a current lorikeet heimdal tree. I haven't enabled this, its just an example of one possible approach to heimdal integration. (This used to be commit 0835d6a0d9490b79caabdda39b6fa0404bb2225f)
2007-10-10r7270: A big revamp to the way we handle kerberos errors in Samba4. We nowAndrew Bartlett3-11/+8
fill in the function pointers to handle the logging, and catch all the kerberos warnings. (Currently at level 3). To avoid a memory leak, this requries a new function: krb5_freelog(), which I've added to lorikeet/heimdal. This also required a revamp to how we handle the krb5_context, so as to make it easier to handle with talloc destructors. Andrew Bartlett (This used to be commit 63272794c41231b335b73e7ccf349282f295c4d2)
2007-10-10r7264: fix up the socket handling for abartlet. Still only udp, but it won'tAndrew Tridgell4-44/+80
be hard to do tcp as well. (This used to be commit 7cbb95d3f55dbaf9ca606655377682841e4c534d)
2007-10-10r7259: Move the recv handler out into a seperate function (suggestion fromAndrew Bartlett1-51/+72
tridge) Andrew Bartlett (This used to be commit 6329f2ee369533839d209a1c86fe7949a4037fbe)
2007-10-10r7241: The KDC almost links...Andrew Bartlett4-6/+1132
Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2007-10-10r7221: Add the start of a KDC service (to be built on a 'libkdc' from a to beAndrew Bartlett3-0/+246
included Heimdal) to Samba4. Andrew Bartlett (This used to be commit 51ba3ea60c265b837821b6c3e031dfe229c10d6a)