Age | Commit message (Collapse) | Author | Files | Lines |
|
responding to
krbtgt/MY.REALM@MY.REALM
TGS ticket requests, but for the moment, these are still marked as
'server' requests by the kerberos5.c caller.
Andrew Bartlett
(This used to be commit afaee0a6b7aba3db118e6529c341c9377bc26546)
|
|
This includes many useful upstream changes, many of which should
reduce warnings in our compile.
It also includes a change to the HDB interface, which removes the need
for Samba4/lorikeet-heimdal to deviate from upstream for hdb_fetch().
The new flags replace the old entry type enum.
(This required the rework in hdb-ldb.c included in this commit)
Andrew Bartlett
(This used to be commit ef5604b87744c89e66e4d845f45b23563754ec05)
|
|
principal on strdup failure.
Andrew Bartlett
(This used to be commit d72fafc1f0089212634fc1a77352b47970e82410)
|
|
(This used to be commit 0fafa2e59566f8f892d7dfd7dd33d0100b96a780)
|
|
This is in preperation for making TLS a socket library.
Andrew Bartlett
(This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
|
|
(This used to be commit 8985093d3fba90287bd739aaaa0fbfdadca2b999)
|
|
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
|
|
system - these should be removed later on.
(This used to be commit 06547391669e064d2b92f5841b7df5f101a34cb9)
|
|
rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
|
|
working again.
(This used to be commit 33e4b92c46f272478b3c9e433f910dbbaab52af8)
|
|
the subsystems in question
(This used to be commit 2fbb4d91fa580ccb64e36f0b082f23af33123b13)
|
|
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
|
|
metze
(This used to be commit f72e7d9dcd02f1f983b457163dee0a8df0186c79)
|
|
left now...
(This used to be commit e71cca7f0cec62357eba6ba02d13f1c3f04edaa7)
|
|
(This used to be commit 8e84e6cb6b172c89072723e07f344da8f4476c1f)
|
|
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
|
|
metze
(This used to be commit e3f6e53075b34faea6d8a3b9f75aa739e3b0bb7f)
|
|
(This used to be commit 9c37f847d32d2f327a88c53a90af0c73126b76be)
|
|
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
|
|
(This used to be commit 8ca4681861e24ddf7c4abcc97a4cf0e001d13e24)
|
|
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
|
|
Andrew Bartlett
(This used to be commit ce80425f6d84e434f4562aa0be7e6e4ad2772b92)
|
|
- add set_title hook to the process models
- use setproctitle library in process_model standard if available
- the the title for the task servers and on connections
metze
(This used to be commit 526f20bbecc9bbd607595637c15fc4001d3f0c70)
|
|
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
|
|
(This used to be commit 930daa9f416ecba1d75b8ad46bb42e336545672f)
|
|
file dependencies
(This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
|
|
if the 'password does not expire' flag has been set, filling in the
PAC and netlogon reply correctly if so.
Andrew Bartlett
(This used to be commit c530ab5dc6865c422382bc0afa7a86f7ec1acdf2)
|
|
default.
(This used to be commit c80a8f1102caf744b66c13bebde38fba74983dc4)
|
|
same time.
This was causing the kdc to shut itself down if 'bind interfaces only = no'.
Andrew Bartlett
(This used to be commit 02ff22a25050687478cfcca4dce35c2346cc2241)
|
|
was pointed out by Maurice Massar. It ensures we get the addresses
for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over
localhost).
Also never run the KDC unless we are a DC.
Andrew Bartlett
(This used to be commit c17007918459678004a009ccaa50fb85e8b6a739)
|
|
In particular, I've used the --leak-report-full option to smbd to
track down memory that shouldn't be on a long-term context. This is
now talloc_free()ed much earlier.
Andrew Bartlett
(This used to be commit c6eb74f42989d62c82d2a219251837b09df8491c)
|
|
Update the rootdse module to use the new schema.
Andrew Bartlett
(This used to be commit b0b150d08ac39ed486071487826da2e306db6a0b)
|
|
case) as the keytab.
This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).
Andrew Bartlett
(This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
|
|
(This used to be commit 65cf522b5e079de2cfd5fc989350cc127f6c5baa)
|
|
structure that is more generic than just 'IP/port'.
It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).
This passes 'make test' as well as kerberos use (not currently in the
testsuite).
The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again. It also removes nbt_peer_addr, which was being used
for a similar purpose.
It is a large change, but worthwhile I feel.
Andrew Bartlett
(This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
|
|
(This used to be commit 63917616016133c623fc6ff59454bc313ee7dd8f)
|
|
Andrew Bartlett
(This used to be commit 17e20930ec05f6385a8fccfc77fb0aca89ecef52)
|
|
with clients compiled against the MIT Kerberos implementation. (Which
checks for address in KRB-PRIV packets, hence my comments on socket
functions earlier today).
It also fixes the 'set password' operation to behave correctly (it was
previously a no-op).
This allows Samba3 to join Samba4. Some winbindd operations even work,
which I think is a good step forward. There is naturally a lot of work
to do, but I wanted at least the very basics of Samba3 domain membership
to be available for the tech preview.
Andrew Bartlett
(This used to be commit 4e80a557f9c68b01ac6d5bb05716fe5b3fd400d4)
|
|
is new, and has no password. It may also occour in the future if we
allow PKINIT. In any case, it shouldn't segfault :-)
Andrew Bartlett
(This used to be commit 686fea241b7a8ca286099eadfa2ed177367dafdc)
|
|
it here.
Andrew Bartlett
(This used to be commit f282fab6113cbd6a431139cbe7f021864f31c3d1)
|
|
using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).
The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code. We also update the msDS-KeyVersionNumber, and the password
history. This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.
By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic. (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB. This simplfies the KDC code.).
It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.
(This used to be commit e9022743210b59f19f370d772e532e0f08bfebd9)
|
|
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
|
|
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
|
|
require the isSynchronized flag in the rootDSE.
Andrew Bartlett
(This used to be commit e48464c8844b4af1976d8379aef8db9baddd3687)
|
|
allow Win2000 machines to again use kerberos with Samba4.
Andrew Bartlett
(This used to be commit 5770409dcd0151a7303b16c565b1f68845b8622d)
|
|
hdb-ldb.
Andrew Bartlett
(This used to be commit 96e124b7bb9a916bbdfbfa36d24a1dafa262c552)
|
|
interface worked, so hdb-ldb.c and the glue have been updated.
Andrew Bartlett
(This used to be commit 8fd5224c6b5c17c3a2c04c7366b7e367012db77e)
|
|
To avoid a circular depenency, it is not allowed to use Krb5 as an
authentication mechanism, so this must be removed from the list. An
extension to the credentials system allows this function.
Also remove proto.h use for any of the KDC, and use NTSTATUS returns
in more places.
Andrew Bartlett
(This used to be commit 5f9dddd02c9c821675d2ccd07561a55edcd7f5b4)
|
|
metze
(This used to be commit 2fe8a643d3d01e669d40f714d58502b00e2446c5)
|
|
Andrew Bartlett
(This used to be commit 0c4ea6f6413e260a15c0afe331a066ea7051fd9f)
|