summaryrefslogtreecommitdiff
path: root/source4/kdc
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15497: I'm not really sure this is correct in terms of how we should be ↵Andrew Bartlett1-0/+4
responding to krbtgt/MY.REALM@MY.REALM TGS ticket requests, but for the moment, these are still marked as 'server' requests by the kerberos5.c caller. Andrew Bartlett (This used to be commit afaee0a6b7aba3db118e6529c341c9377bc26546)
2007-10-10r15481: Update heimdal/ to match current lorikeet-heimdal.Andrew Bartlett1-161/+199
This includes many useful upstream changes, many of which should reduce warnings in our compile. It also includes a change to the HDB interface, which removes the need for Samba4/lorikeet-heimdal to deviate from upstream for hdb_fetch(). The new flags replace the old entry type enum. (This required the rework in hdb-ldb.c included in this commit) Andrew Bartlett (This used to be commit ef5604b87744c89e66e4d845f45b23563754ec05)
2007-10-10r15480: Patch from lha, to ensure we don't leave a free()'ed element in theAndrew Bartlett1-3/+1
principal on strdup failure. Andrew Bartlett (This used to be commit d72fafc1f0089212634fc1a77352b47970e82410)
2007-10-10r15379: Fix shared library build's unresolved dependenciesJelmer Vernooij1-1/+1
(This used to be commit 0fafa2e59566f8f892d7dfd7dd33d0100b96a780)
2007-10-10r15356: Remove unused 'flags' argument from socket_send() and friends.Andrew Bartlett1-2/+2
This is in preperation for making TLS a socket library. Andrew Bartlett (This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
2007-10-10r15338: Fix build of most things with shared libs enabled.Jelmer Vernooij1-1/+1
(This used to be commit 8985093d3fba90287bd739aaaa0fbfdadca2b999)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+1
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15301: Use static libraries internally. This required a few hacks in the buildJelmer Vernooij1-1/+3
system - these should be removed later on. (This used to be commit 06547391669e064d2b92f5841b7df5f101a34cb9)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij1-1/+1
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r15270: Rename EXTRA_CFLAGS to CFLAGS - initial work on getting DSO's ↵Jelmer Vernooij1-1/+1
working again. (This used to be commit 33e4b92c46f272478b3c9e433f910dbbaab52af8)
2007-10-10r15223: Move heimdal's -I parameters from the global list of includes toJelmer Vernooij1-1/+2
the subsystems in question (This used to be commit 2fbb4d91fa580ccb64e36f0b082f23af33123b13)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-2/+2
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r14856: fix bugs noticed by the ibm code checkerStefan Metzmacher1-8/+10
metze (This used to be commit f72e7d9dcd02f1f983b457163dee0a8df0186c79)
2007-10-10r14571: More improvements on shared library support in Samba. Only ldb is ↵Jelmer Vernooij1-1/+1
left now... (This used to be commit e71cca7f0cec62357eba6ba02d13f1c3f04edaa7)
2007-10-10r14567: Make some more functions public.Jelmer Vernooij1-1/+1
(This used to be commit 8e84e6cb6b172c89072723e07f344da8f4476c1f)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14537: remove used fileStefan Metzmacher1-339/+0
metze (This used to be commit e3f6e53075b34faea6d8a3b9f75aa739e3b0bb7f)
2007-10-10r14477: Remove the NOPROTO property - it's no longer used as proto.h is gone.Jelmer Vernooij2-3/+0
(This used to be commit 9c37f847d32d2f327a88c53a90af0c73126b76be)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14427: don't reference short_princ after it is freedAndrew Tridgell1-1/+1
(This used to be commit 8ca4681861e24ddf7c4abcc97a4cf0e001d13e24)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-0/+2
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14203: Include less private heimdal headers.Andrew Bartlett1-1/+5
Andrew Bartlett (This used to be commit ce80425f6d84e434f4562aa0be7e6e4ad2772b92)
2007-10-10r14079: I just found the setproctitle library from alt linux:-)Stefan Metzmacher1-0/+2
- add set_title hook to the process models - use setproctitle library in process_model standard if available - the the title for the task servers and on connections metze (This used to be commit 526f20bbecc9bbd607595637c15fc4001d3f0c70)
2007-10-10r13960: Generate makefile rules for installing/removing shared modules.Jelmer Vernooij1-2/+2
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
2007-10-10r13926: More header splitups.Jelmer Vernooij1-0/+1
(This used to be commit 930daa9f416ecba1d75b8ad46bb42e336545672f)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij3-1/+5
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13910: Fix the 'your password has expired' on every login. We now considerAndrew Bartlett1-7/+5
if the 'password does not expire' flag has been set, filling in the PAC and netlogon reply correctly if so. Andrew Bartlett (This used to be commit c530ab5dc6865c422382bc0afa7a86f7ec1acdf2)
2007-10-10r13903: Don't generate prototypes for modules and binaries in include/proto.h byJelmer Vernooij1-0/+1
default. (This used to be commit c80a8f1102caf744b66c13bebde38fba74983dc4)
2007-10-10r13516: We can't bind to both 0.0.0.0 and specific network interfaces at theAndrew Bartlett1-7/+0
same time. This was causing the kdc to shut itself down if 'bind interfaces only = no'. Andrew Bartlett (This used to be commit 02ff22a25050687478cfcca4dce35c2346cc2241)
2007-10-10r13321: Bind to each interface and to the 0.0.0.0 interface on the KDC. ThisAndrew Bartlett1-9/+24
was pointed out by Maurice Massar. It ensures we get the addresses for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over localhost). Also never run the KDC unless we are a DC. Andrew Bartlett (This used to be commit c17007918459678004a009ccaa50fb85e8b6a739)
2007-10-10r13252: Cleanup, both in code, comments and talloc use:Andrew Bartlett1-23/+12
In particular, I've used the --leak-report-full option to smbd to track down memory that shouldn't be on a long-term context. This is now talloc_free()ed much earlier. Andrew Bartlett (This used to be commit c6eb74f42989d62c82d2a219251837b09df8491c)
2007-10-10r13207: Use the new API for using/not using kerbeors in hdb-ldb.cAndrew Bartlett1-5/+3
Update the rootdse module to use the new schema. Andrew Bartlett (This used to be commit b0b150d08ac39ed486071487826da2e306db6a0b)
2007-10-10r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in ourAndrew Bartlett5-9/+45
case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
2007-10-10r13069: adding a hack on instructions from andrewAndrew Tridgell1-1/+2
(This used to be commit 65cf522b5e079de2cfd5fc989350cc127f6c5baa)
2007-10-10r12804: This patch reworks the Samba4 sockets layer to use a socket_addressAndrew Bartlett3-58/+38
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2007-10-10r12696: Reduce the size of include/structs.hJelmer Vernooij1-0/+2
(This used to be commit 63917616016133c623fc6ff59454bc313ee7dd8f)
2007-10-10r12683: Fix declaration and initialisation placement.Andrew Bartlett1-5/+6
Andrew Bartlett (This used to be commit 17e20930ec05f6385a8fccfc77fb0aca89ecef52)
2007-10-10r12682: This patch finally fixes our kpasswdd implementation to be compatibleAndrew Bartlett3-60/+177
with clients compiled against the MIT Kerberos implementation. (Which checks for address in KRB-PRIV packets, hence my comments on socket functions earlier today). It also fixes the 'set password' operation to behave correctly (it was previously a no-op). This allows Samba3 to join Samba4. Some winbindd operations even work, which I think is a good step forward. There is naturally a lot of work to do, but I wanted at least the very basics of Samba3 domain membership to be available for the tech preview. Andrew Bartlett (This used to be commit 4e80a557f9c68b01ac6d5bb05716fe5b3fd400d4)
2007-10-10r12681: Allow an entry to have no kerberos keys. This occours when an entryAndrew Bartlett1-16/+24
is new, and has no password. It may also occour in the future if we allow PKINIT. In any case, it shouldn't segfault :-) Andrew Bartlett (This used to be commit 686fea241b7a8ca286099eadfa2ed177367dafdc)
2007-10-10r12631: Now we have fixed the provision script, we don't need to work aroundAndrew Bartlett1-1/+1
it here. Andrew Bartlett (This used to be commit f282fab6113cbd6a431139cbe7f021864f31c3d1)
2007-10-10r12599: This new LDB module (and associated changes) allows Samba4 to operateAndrew Bartlett1-100/+20
using pre-calculated passwords for all kerberos key types. (Previously we could only use these for the NT# type). The module handles all of the hash/string2key tasks for all parts of Samba, which was previously in the rpc_server/samr/samr_password.c code. We also update the msDS-KeyVersionNumber, and the password history. This new module can be called at provision time, which ensures we start with a database that is consistent in this respect. By ensuring that the krb5key attribute is the only one we need to retrieve, this also simplifies the run-time KDC logic. (Each value of the multi-valued attribute is encoded as a 'Key' in ASN.1, using the definition from Heimdal's HDB. This simplfies the KDC code.). It is hoped that this will speed up the KDC enough that it can again operate under valgrind. (This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij2-0/+2
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij2-2/+2
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r12383: Fixes for Apple's AD client. Don't segfualt in the KDC, and theyAndrew Bartlett1-6/+8
require the isSynchronized flag in the rootDSE. Andrew Bartlett (This used to be commit e48464c8844b4af1976d8379aef8db9baddd3687)
2007-10-10r12362: Along with a cracknames change in the previous commit, this shouldAndrew Bartlett1-9/+15
allow Win2000 machines to again use kerberos with Samba4. Andrew Bartlett (This used to be commit 5770409dcd0151a7303b16c565b1f68845b8622d)
2007-10-10r12327: ENT_TYPE_ANY isn't used anywhere in Samba4, so don't implement it in ↵Andrew Bartlett1-21/+7
hdb-ldb. Andrew Bartlett (This used to be commit 96e124b7bb9a916bbdfbfa36d24a1dafa262c552)
2007-10-10r12269: Update to current lorikeet-heimdal. This changed the way the hdbAndrew Bartlett3-108/+95
interface worked, so hdb-ldb.c and the glue have been updated. Andrew Bartlett (This used to be commit 8fd5224c6b5c17c3a2c04c7366b7e367012db77e)
2007-10-10r12179: Allow our KDC to use LDAP to get to the backend database.Andrew Bartlett5-23/+49
To avoid a circular depenency, it is not allowed to use Krb5 as an authentication mechanism, so this must be removed from the list. An extension to the credentials system allows this function. Also remove proto.h use for any of the KDC, and use NTSTATUS returns in more places. Andrew Bartlett (This used to be commit 5f9dddd02c9c821675d2ccd07561a55edcd7f5b4)
2007-10-10r12121: remove some dublicate codeStefan Metzmacher1-44/+19
metze (This used to be commit 2fe8a643d3d01e669d40f714d58502b00e2446c5)
2007-10-10r12036: Fix more KDC memory leaks (and there are probably still more...).Andrew Bartlett1-0/+4
Andrew Bartlett (This used to be commit 0c4ea6f6413e260a15c0afe331a066ea7051fd9f)