summaryrefslogtreecommitdiff
path: root/source4/kdc
AgeCommit message (Collapse)AuthorFilesLines
2008-10-16Create a 'straight paper path' for UTF16 passwords.Andrew Bartlett1-11/+26
This uses a virtual attribute 'clearTextPassword' (name chosen to match references in MS-SAMR) that contains the length-limited blob containing an allegidly UTF16 password. This ensures we do no validation or filtering of the password before we get a chance to MD4 it. We can then do the required munging into UTF8, and in future implement the rules Microsoft has provided us with for invalid inputs. All layers in the process now deal with the strings as length-limited inputs, incluing the krb5 string2key calls. This commit also includes a small change to samdb_result_passwords() to ensure that LM passwords are not returned to the application logic if LM authentication is disabled. The objectClass module has been modified to allow the clearTextPassword attribute to pass down the stack. Andrew Bartlett
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij3-3/+3
2008-10-06Set default trust kvno to -1Andrew Bartlett1-1/+1
2008-10-06Fix cross-realm authentication in Samba4's KDC.Andrew Bartlett1-3/+5
2008-10-06Use the trust password version as kvno for trusts in Kerberos.Andrew Bartlett1-0/+7
2008-09-29Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc.Andrew Bartlett3-29/+44
This avoids one more custom patch to the Heimdal code, and provides a more standard way to produce hdb plugins in future. I've renamed from hdb_ldb to hdb_samba4 as it really is not generic ldb. Andrew Bartlett
2008-09-24Cosmetic corrections for the KERBEROS libraryMatthias Dieter Wallnöfer1-3/+3
This commit applies some cosmetic corrections for the KERBEROS library.
2008-09-24Move source4/lib/crypto to lib/crypto.Jelmer Vernooij1-1/+1
2008-09-24Rename smbd -> samba.Jelmer Vernooij1-1/+1
This reverts commit 05ea5e23cf4e70de0bd658b1c5c0ead133967091. Conflicts: source4/smbd/server.c
2008-09-23Merge ldb_search() and ldb_search_exp_fmt() into a simgle function.Simo Sorce1-8/+9
The previous ldb_search() interface made it way too easy to leak results, and being able to use a printf-like expression turns to be really useful.
2008-09-22This torture test and skipping of the server-side check was bogus.Andrew Bartlett1-3/+1
The IDL is declared to force the MessageType to 3 on output, so we instead checked the same thing 255 times... Andrew Bartlett
2008-09-22s4: allways initialize the process model before it's usedStefan Metzmacher1-1/+1
metze
2008-09-21Revert "Rename smbd -> samba."Jelmer Vernooij1-1/+1
This reverts commit 0e9008be35a5b334bd65e6417193d4b8f27bdc36.
2008-09-21Rename smbd -> samba.Jelmer Vernooij1-1/+1
2008-09-05Update copyrightAndrew Bartlett1-1/+1
(This used to be commit edea162a0e11f03b4b6069388abbca099f097386)
2008-09-03Implement NETLOGON PAC verfication on the server-sideAndrew Bartlett1-0/+112
This is implemented by means of a message to the KDC, to avoid having to link most of the KDC into netlogon. Andrew Bartlett (This used to be commit 82fcd7941f5c54da2d994c8bd99dd8d86299a296)
2008-08-28Heimdal provides Kerberos PAC parsing routines. Use them.Andrew Bartlett1-37/+7
This uses Heimdal's PAC parsing code in the: - LOCAL-PAC test - gensec_gssapi server - KDC (where is was already used, the support code refactored from here) In addition, the service and KDC checksums are recorded in the struct auth_serversupplied_info, allowing them to be extracted for validation across NETLOGON. Andrew Bartlett (This used to be commit 418b440a7b8cdb53035045f3981d47b078be6c1e)
2008-08-26kdc: move references to heimdal internals into heimdal_build/kpasswd-glue.hStefan Metzmacher1-2/+1
metze (This used to be commit 65057f17b0d9e83f1b775afdeb7ea91ce0e52cd1)
2008-08-26Only allow the trust in the correct direction (per the flags).Andrew Bartlett1-3/+9
(This used to be commit 2c7195429411d68bc66f4100659c622df4f5a20a)
2008-08-25Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-localAndrew Bartlett1-11/+13
(This used to be commit a555334db67527b57bc6172e3d08f65caf1e6760)
2008-08-20kdc/pac-glue: pull/push the logon_info via the PAC_INFO unionStefan Metzmacher1-11/+13
This prepares the next commit... metze (This used to be commit 7d297f7fb7a3ac388390429db7cb16fa60d3f8c0)
2008-08-15Trusted domains implementation for the KDC.Andrew Bartlett1-12/+193
At this stage, only arcfour-hmac-md5 trusts are used, and all trusts are presumed bi-directional. Much more work still to be done. Andrew Bartlett (This used to be commit 3e9f5c28165e66d78c020d10b97b9dc4a0038cd8)
2008-08-08More work towards trusted domain support in the KDC.Andrew Bartlett1-25/+93
(This used to be commit c87d732b23ad7de8dc2f824bf11c9310fb4184e1)
2008-08-05Start implementind domain trusts in our KDC.Andrew Bartlett1-7/+33
Andrew Bartlett (This used to be commit 8aba7c36231e58a91fbc6b4fc24c5693353aeef9)
2008-08-01libreplace: include <krb5.h> and <com_err.h> and no heimdal specific headersStefan Metzmacher1-2/+11
metze (This used to be commit cffed8e19e22a1fa7b7a322b153df5d54e4c3be2)
2008-08-01kdc: use mostly only public kerberos headersStefan Metzmacher3-8/+10
We shoule avoid using the private heimdal function _krb5_principalname2krb5_principal() metze (This used to be commit 10db07c69addce6e90851fb55738d5f9e142946b)
2008-08-01Revert "Start implementind domain trusts in our KDC."Stefan Metzmacher1-33/+7
This reverts commit 736ce50afd9da9b5fbc3db777fd5341dfa4b721a. This breaks the build... metze (This used to be commit afd07073b9caa4b5f7d2ad747e79afaec4203506)
2008-07-31Start implementind domain trusts in our KDC.Andrew Bartlett1-7/+33
Andrew Bartlett (This used to be commit 736ce50afd9da9b5fbc3db777fd5341dfa4b721a)
2008-07-24hdb-ldb: fix the callers after drsblobs.idl changesStefan Metzmacher1-45/+30
metze (This used to be commit 1223cd17c79d130b46b0e0ccb0f6011c92441173)
2008-07-23hdb-ldb: try to find Primary:Kerberos-Newer-Keys and fallback to ↵Stefan Metzmacher1-16/+114
Primary:Kerberos Now provide AES tickets if we find the keys in the supplementalCredentials attribute metze (This used to be commit 8300259f103f8cfe014988fad0f7ee0d49bb1ac2)
2008-07-23hdb-ldb: check the SUPPLEMENTAL_CREDENTIALS_SIGNATUREStefan Metzmacher1-0/+6
metze (This used to be commit 7219740ef434091617c6bb727374251987ff2a62)
2008-07-23hdb-ldb: fix comment about paddingStefan Metzmacher1-1/+1
metze (This used to be commit ca28d05b11e602e0f98cda0e02f973562c199dc6)
2008-07-23hdb-ldb: fix crash bug in the error pathStefan Metzmacher1-0/+1
metze (This used to be commit ac02d6a0f765e3b66fb6796f129edb1a348ecd84)
2008-06-04kdc: we don't need any *_locl.h header from heimdal in the kdcStefan Metzmacher5-9/+5
metze (This used to be commit feca16dd6d03730b4a67adf5d912ba2d5e1a3025)
2008-05-31Revert Jelmer's CFLAGS commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6cAndrew Bartlett1-2/+1
This commit broke the build, because not all files (libreplace, popt) were updated. Andrew Bartlett (This used to be commit 3faacf4351d68a10aea78b53768571d2059772ae)
2008-05-30Move CFLAGS handling out of smb_build.Jelmer Vernooij1-1/+2
(This used to be commit e2b71a0ecbf10a78a59a8ec6371bdee57b1bfa6c)
2008-05-18Fix a couple (well, little more than that..) of typos.Jelmer Vernooij1-1/+1
(This used to be commit a6b52119940a900fb0de3864b8bca94e2965cc24)
2008-05-18Create prototype headers from Makefile directory, without smb_build in the ↵Jelmer Vernooij1-1/+1
middle. (This used to be commit f4a77b96f9c17d853348b70794026e5b9e384942)
2008-05-18Use variables for source directory in a couple more places.Jelmer Vernooij1-2/+2
(This used to be commit 56bb2907c67d55967f54ce74b029f05067a187c5)
2008-04-25Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3Jelmer Vernooij3-6/+8
Conflicts: source/Makefile source/auth/config.mk source/auth/gensec/config.mk source/build/m4/public.m4 source/build/make/python.mk source/build/make/rules.mk source/build/smb_build/header.pm source/build/smb_build/main.pl source/build/smb_build/makefile.pm source/dsdb/config.mk source/dsdb/samdb/ldb_modules/config.mk source/kdc/config.mk source/lib/events/config.mk source/lib/events/events.c source/lib/ldb/config.mk source/lib/nss_wrapper/config.mk source/lib/policy/config.mk source/lib/util/config.mk source/libcli/smb2/config.mk source/libnet/config.mk source/librpc/config.mk source/nbt_server/config.mk source/ntptr/ntptr_base.c source/ntvfs/posix/config.mk source/ntvfs/sysdep/config.mk source/param/config.mk source/rpc_server/config.mk source/rpc_server/service_rpc.c source/scripting/ejs/config.mk source/scripting/python/config.mk source/smb_server/config.mk source/smbd/server.c source/torture/config.mk source/torture/smb2/config.mk source/wrepl_server/config.mk (This used to be commit 13bbd420681519894a4036729c43273912c9b402)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij3-5/+7
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-04-17Remove event context tracking from the credentials struct.Jelmer Vernooij1-1/+1
(This used to be commit 4d7fc946b2ec50e774689c9036423b6feef99b8e)
2008-04-14Move object files lists to makefile rather than smb_build.Jelmer Vernooij1-8/+5
(This used to be commit 5628d58990144463fd87f8c847c9384ac2193681)
2008-03-28Merge v4.0-testJelmer Vernooij3-21/+53
(This used to be commit 977dbdeaf363c8905ed9fd0570eba4be80582833)
2008-03-25Remove useless extra argument to samdb_result_account_expires().Andrew Bartlett1-1/+1
Andrew Bartlett (This used to be commit bc607c334ff86624b891886a6f874da2bcff113e)
2008-03-19Remove unused variable.Andrew Bartlett1-1/+0
(This used to be commit 1de21f5fdd9e377801af25b7ce461bdf7a16e1de)
2008-03-19Merge branch 'v4-0-logon' of git://git.id10ts.net/samba into 4-0-localAndrew Bartlett1-17/+50
(This used to be commit 8252b51850f108aa8f43ec25c752a411c32f9764)
2008-03-19Merge lorikeet-heimdal -r 787 into Samba4 tree.Andrew Bartlett1-3/+3
Andrew Bartlett (This used to be commit d88b530522d3cef67c24422bd5182fb875d87ee2)
2008-03-13kdc: Provide extended error information in AS-REP error replies.Andrew Kroeger1-17/+50
This change utilizes the addition of the e_data parameter to the windc_plugin in the heimdal code to pass extended information back to the client. The extended information is provided in an e-data block as part of the kerberos error message, and allows the client to determine which specific error condition occurred. (This used to be commit 502466ba950bfd104518b9eb9586896c1e076343)
2008-03-08Fix the build.Jelmer Vernooij1-1/+1
(This used to be commit f2e49744717eb46bbfafeea9e2eb412a38a142e7)