Age | Commit message | Author | Files | Lines |
|
This includes rewriting the PAC if the original krbtgt isn't to be
trusted, and reading different entries from the DB for the krbtgt
depending on the krbtgt number.
Andrew Bartlett
|
|
This means we just set up the system_session etc in one place
and don't diverge between the MIT and Heimdal plugins.
We also now determine if we are an RODC and store some details
that we will need later.
Andrew Bartlett
|
|
This is important, as we must ignore the PAC from an RODC.
Andrew Bartlett
|
|
Andrew Bartlett
|
|
this prevents too much recursion in the compiler preprocessor
|
|
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Also remove bogus trustCurrentPasswords struct which we just had because our IDL
was incorrect.
Guenther
|
|
struct dom_sid
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privileges still need to be merged)
Andrew Bartlett
|
|
This makes the structure more like Samba3's NT_USER_TOKEN
|
|
Now it's finally possible that the user can change his password with a DSDB
connection using his credentials.
NOTICE: I had to extract the old password from the SAMDB since I was unable to
find it somewhere else (authinfo for example).
|
|
password sets
|
|
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
This changes the calculation to apply the allowed enc types to all
uses of the key (no point allowing a weak kinit to a key the server
wanted strongly protected). It also ensures that all the non-DES keys
are available on the krbtgt in particular, even as it does not have a
msds-SupportedEncryptionTypes attribute.
Andrew Bartlett
|
|
|
|
|
|
"heimdal/waf: Initial work on making it possible to use the system"
as the hdb_check_s4u2self function handling is incorrect.
This reverts commit b099631f428d0ecc641d59bd3c94674e6348dde9.
|
|
We need to honour this, otherwise we will send AES-encrypted tickets
to unprepared Kerberos targets.
Andrew Bartlett
|
|
Would be nice if someone could check if this fits.
|
|
heimdal again.
Still missing are the detection of the right Heimdal version and
linking (unresolved symbols at the moment).
|
|
I can see no reason not to just let this go with the talloc tree that
created it, and avoid a talloc_free with references.
Andrew Bartlett
|
|
recompiled by waf.
|
|
|
|
|
|
Adapt the two functions for the restructured "password_hash" module. This
means that basically all checks are now performed in the mentioned module.
An exception consists in the SAMR password change calls since they need very
precise NTSTATUS return codes on wrong constraints ("samr_password.c") file
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
context
Also after a free "priv" could be != NULL and may be freed again.
This should fix bug #7365.
|
|
|
|
|
|
For now, this shares the 'if it's the same host' system with the
constrained delegation code.
Andrew Bartlett
|
|
them
|
|
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
|
|
|
|
Apparently AD supports setting a password on a servicePrincipalName,
not just a user principal name. This should fix (part of) the join of
OpenSolaris's internal CIFS server to Samba4 as reported by Bug #7273
Andrew Bartlett
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>
|
|
Use dsdb_search_one() instead, which allows for arbitrary controls
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This allows for controls to be added easily where they are needed.
|
|
|
|
In samba_kdc_trust_message2entry() on error, hdb_free_entry()
may end up trying to access uninitialized memory or double
free the hdb_entry.
|
|
Move the core to pac-glue so that other plugins can use it.
|
|
The code was looping but always checking only the first address.
|
|
|
|
|
|
Keep all heimdal related plugin code within hdb_samba4.c
Move interfaces needed by multiple plugins in db-glue.c
Move sequence context in main db context so that we do
not depend on db->hdb_dbc in the common code.
Remove unnecessary parameters from function prototypes
|
|
Renames hdb_samba4_private to samba_kdc_entry
Streamlines members of the entry and the kdc db context to avoid
unnecessary duplication.
|
|
This allows to use a common structure not tied to hdb_samba4
Also allows to avoid many casts within hdb_samba4 functions
This is the first step to abstract samba kdc database functions
so they can be used by the MIT forthcoming plugin.
|
|
Keep all heimdal related plugin code within wdc-samba4.c
Leave only interfaces common to multiple plugins in pac-glue.c
|