Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2010-10-03 | s4-kdc Remove special case kerberos restriction in the KDC | Andrew Bartlett | 1 | -16/+0 | |
We should avoid using Kerberos or any other recursive auth mechanism in ldb backends, but denying Kerberos here won't be enough, so remove the special case. (Typically we bind using a different password space and DIGEST-MD5 or NTLM). Andrew Bartlett | |||||
2010-10-03 | s4-kdc Fix up after import of new lorikeet-heimdal | Andrew Bartlett | 2 | -4/+19 | |
Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Oct 3 01:56:04 UTC 2010 on sn-devel-104 | |||||
2010-10-02 | s4-kdc Rework 'allowed encryption types' handling in the KDC | Andrew Bartlett | 1 | -28/+44 | |
All DCs and all krbtgt servers are forced to use AES, regardless of the msDS-SecondaryKrbTgtNumber value. Andrew Bartlett | |||||
2010-09-28 | s4-kdc: RODC DCs should be able to produce forwardable tickets | Andrew Tridgell | 1 | -1/+1 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-09-28 | s4-kdc Ensure that an RODC may act as a server (needed to fill | Andrew Bartlett | 1 | -5/+24 | |
the krbtgt role). Andrew Bartlett | |||||
2010-09-29 | s4-kdc Handle the case where we may be given a ticket from an RODC in db layer | Andrew Bartlett | 6 | -37/+83 | |
This includes rewriting the PAC if the original krbtgt isn't to be trusted, and reading different entries from the DB for the krbtgt depending on the krbtgt number. Andrew Bartlett | |||||
2010-09-29 | s4-kdc Add common setup, handle RODC setup case | Andrew Bartlett | 5 | -73/+156 | |
This means we just set up the system_session etc in one place and don't diverge between the MIT and Heimdal plugins. We also now determine if we are an RODC and store some details that we will need later. Andrew Bartlett | |||||
2010-09-29 | s4-kdc Add function to determine if a hdb entry is a RODC | Andrew Bartlett | 2 | -0/+18 | |
This is important, as we must ignore the PAC from an RODC. Andrew Bartlett | |||||
2010-09-29 | s4-kdc Use msDS-SecondaryKrbTgtNumber to fill in the full KVNO | Andrew Bartlett | 1 | -1/+18 | |
Andrew Bartlett | |||||
2010-09-27 | s4-kdc: added ifdef guards in kdc.h | Andrew Tridgell | 1 | -0/+5 | |
this prevents too much recursion in the compiler preprocessor | |||||
2010-09-16 | s4-kdc: prevent segfault on bad trust strings | Andrew Tridgell | 1 | -4/+8 | |
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-08-25 | s4-trusts: fix trustDomainPasswords drsblobs IDL and server side support. | Günther Deschner | 1 | -7/+7 | |
Also remove bogus trustCurrentPasswords struct which we just had because our IDL was incorrect. Guenther | |||||
2010-08-23 | s4:security Change struct security_token->sids from struct dom_sid * to ↵ | Andrew Bartlett | 1 | -3/+3 | |
struct dom_sid This makes the structure much more like NT_USER_TOKEN in the source3/ code. (The remaining changes are that privileges still need to be merged) Andrew Bartlett | |||||
2010-08-18 | s4:security Remove use of user_sid and group_sid from struct security_token | Andrew Bartlett | 1 | -3/+3 | |
This makes the structure more like Samba3's NT_USER_TOKEN | |||||
2010-08-17 | s4:kdc/kpasswdd.c - let the user change his own password with his own rights | Matthias Dieter Wallnöfer | 1 | -3/+44 | |
Now it's finally possible that the user can change his password with a DSDB connection using his credentials. NOTICE: I had to extract the old password from the SAMDB since I was unable to find it somewhere else (authinfo for example). | |||||
2010-08-17 | s4:kdc/rpc server - adapt the "samdb_set_password" calls which perform ↵ | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
password sets | |||||
2010-07-16 | s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 5 | -23/+23 | |
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-06-29 | s4:kdc Rework the 'allowed enc types' calculation | Andrew Bartlett | 1 | -41/+35 | |
This changes the calculation to apply the allowed enc types to all uses of the key (no point allowing a weak kinit to a key the server wanted strongly protected). It also ensures that all the non-DES keys are available on the krbtgt in particular, even as it does not have a msds-SupportedEncryptionTypes attribute. Andrew Bartlett | |||||
2010-06-26 | s4:kdc/kdc.c - add cast to suppress warnings on Solaris 10 cc | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2010-06-26 | s4:kdc/kpasswdd.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -2/+0 | |
2010-06-23 | Per Andrew's request, revert | Jelmer Vernooij | 1 | -2/+0 | |
"heimdal/waf: Initial work on making it possible to use the system" as the hdb_check_s4u2self function handling is incorrect. This reverts commit b099631f428d0ecc641d59bd3c94674e6348dde9. | |||||
2010-06-23 | s4:kdc Use msDS-SupportedEncTypes in our KDC | Andrew Bartlett | 1 | -30/+54 | |
We need to honour this, otherwise we will send AES-encrypted tickets to unprepared Kerberos targets. Andrew Bartlett | |||||
2010-06-20 | s4:kdc/db-glue.c - remove unreachable code | Matthias Dieter Wallnöfer | 1 | -4/+0 | |
Would be nice if someone could check if this fits. | |||||
2010-06-19 | heimdal/waf: Initial work on making it possible to use the system | Jelmer Vernooij | 1 | -0/+2 | |
heimdal again. Still missing are the detection of the right Heimdal version and linking (unresolved symbols at the moment). | |||||
2010-05-28 | s4:kdc Remove special talloc_free of the ldb context | Andrew Bartlett | 2 | -11/+1 | |
I can see no reason not to just let this go with the talloc tree that created it, and avoid a talloc_free with references. Andrew Bartlett | |||||
2010-05-18 | Remove more usages of iconv_convenience in files which were apparently not ↵ | Jelmer Vernooij | 1 | -1/+0 | |
recompiled by waf. | |||||
2010-05-18 | s3: Remove use of iconv_convenience. | Jelmer Vernooij | 4 | -6/+0 | |
2010-05-18 | Finish removal of iconv_convenience in public API's. | Jelmer Vernooij | 3 | -17/+10 | |
2010-05-10 | s4:samdb_set_password/samdb_set_password_sid - Rework | Matthias Dieter Wallnöfer | 1 | -31/+4 | |
Adapt the two functions for the restructured "password_hash" module. This means that basically all checks are now performed in the mentioned module. An exception consists in the SAMR password change calls since they need very precise NTSTATUS return codes on wrong constraints ("samr_password.c") file | |||||
2010-04-27 | Simple fix to prevent crash for non-pac principals | Marcel Ritter | 1 | -0/+5 | |
Signed-off-by: Andrew Bartlett <abartlet@samba.org> | |||||
2010-04-17 | s4:kdc/db-glue.c - use "TALLOC_FREE" instead of "talloc_free" for the "priv" ↵ | Matthias Dieter Wallnöfer | 1 | -5/+5 | |
context Also after a free "priv" could be != NULL and may be freed again. This should fix bug #7365. | |||||
2010-04-12 | s4:kdc/wdc-samba4.c - fix integer counter types | Matthias Dieter Wallnöfer | 1 | -1/+2 | |
2010-04-12 | s4:kdc/db-glue.c - fix integer counter types | Matthias Dieter Wallnöfer | 1 | -6/+7 | |
2010-04-10 | s4:kdc Add functions to hdb-samba4 for the new s4u2self callback. | Andrew Bartlett | 4 | -18/+21 | |
For now, this shares the 'if it's the same host' system with the constrained delegation code. Andrew Bartlett | |||||
2010-04-06 | s4-waf: mark the wscript files as python so vim/emacs knows how to highlight ↵ | Andrew Tridgell | 1 | -0/+2 | |
them | |||||
2010-04-06 | build: waf quicktest nearly works | Andrew Tridgell | 1 | -5/+6 | |
Rewrote wafsamba using a new dependency handling system, and started adding the waf test code | |||||
2010-04-06 | build: commit all the waf build files in the tree | Andrew Tridgell | 1 | -0/+53 | |
2010-03-25 | s4:kdc Add support for changing password of a servicePrincipalName | Andrew Bartlett | 1 | -10/+32 | |
Apparently AD supports setting a password on a servicePrincipalName, not just a user principal name. This should fix (part of) the join of OpenSolaris's internal CIFS server to Samba4 as reported by Bug #7273 Andrew Bartlett | |||||
2010-02-26 | s4-kdc: Fixed the memory context of tstream_bsd_existing() | Andreas Schneider | 1 | -1/+1 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-02-25 | s4:kdc add mit plugin code | Simo Sorce | 3 | -0/+459 | |
2010-02-25 | s4:kdc make function static | Simo Sorce | 2 | -6/+1 | |
2010-02-22 | More spelling fixes across source4/ | Brad Hards | 1 | -1/+1 | |
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | |||||
2010-02-22 | Various source4 spelling fixes. | Brad Hards | 1 | -1/+1 | |
Signed-off-by: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | |||||
2010-02-16 | s4-dsdb: removed gendb_search_single_extended_dn() | Andrew Tridgell | 1 | -13/+16 | |
Use dsdb_search_one() instead, which allows for arbitrary controls Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-02-16 | s4-dsdb: change samdb_replace() to dsdb_replace() and allow for dsdb_flags | Andrew Tridgell | 1 | -1/+1 | |
This allows for controls to be added easily where they are needed. | |||||
2010-02-12 | s4:kdc Fill in created_by principal field | Simo Sorce | 1 | -4/+7 | |
2010-02-12 | s4:kdc Fix double free and uninitialized memory. | Simo Sorce | 1 | -2/+13 | |
In samba_kdc_trust_message2entry() on error, hdb_free_entry() may end up trying to access uninitialized memory or double free the hdb_entry. | |||||
2010-01-31 | s4:kdc Streamline client access verification call | Simo Sorce | 3 | -70/+129 | |
Move the core to pac-glue so that other plugins can use it. | |||||
2010-01-31 | s4:kdc Fix netbios name retrieval | Simo Sorce | 1 | -2/+2 | |
The code was looping but always checking only the first address. | |||||
2010-01-28 | s4:kdc remove dead code and comments | Simo Sorce | 1 | -5/+0 | |