summaryrefslogtreecommitdiff
path: root/source4/kdc
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r19664: fix compiler warnings...Stefan Metzmacher2-19/+19
should _krb5_find_type_in_ad() also take a const? metze (This used to be commit addc31bd9309cb2b41cbb548c82c80de1cf96c4f)
2007-10-10r19662: windows 2003 kdc's only rewrite the realm to the full form,Stefan Metzmacher1-27/+1
when the client is using the netbios domain name as realm. we should match this and not rewrite the principal. This matches what windows give: metze@SERNOX:~/prefix/lorikeet-heimdal/bin> ./kinit administrator@SERNOXDOM4 administrator@SERNOXDOM4's Password: metze@SERNOX:~/prefix/lorikeet-heimdal/bin> ./klist Credentials cache: FILE:/tmp/krb5cc_10000 Principal: administrator@SERNOXDOM4.MX.BASE Issued Expires Principal Nov 11 13:37:52 Nov 11 23:37:52 krbtgt/SERNOXDOM4@SERNOXDOM4.MX.BASE Note: I need to disable the principal checks in heimdal's _krb5_extract_ticket() for the kinit to work. Any ideas how to change heimdal to support this. For the service principal we should use the realm and principal in req->kdc_rep.enc_part instead of the unencrypted req->kdc.ticket.sname and req->kdc.ticket.realm to have a trusted value. I'm not sure what we can do with the client realm... metze (This used to be commit cfee02143f06ed6ff5832e95fa69634f5dd883da)
2007-10-10r19604: This is a massive commit, and I appologise in advance for it's size.Andrew Bartlett5-12/+26
This merges Samba4 with lorikeet-heimdal, which itself has been tracking Heimdal CVS for the past couple of weeks. This is such a big change because Heimdal reorganised it's internal structures, with the mechglue merge, and because many of our 'wishes' have been granted: we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code. We have adapted to upstream's choice of API in these cases. In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO PAC. This matches windows behavour. We also have an option to require the PAC to be present (which allows us to automate the testing of this code). This also includes a restructure of how the kerberos dependencies are handled, due to the fallout of the merge. Andrew Bartlett (This used to be commit 4826f1735197c2a471d771495e6d4c1051b4c471)
2007-10-10r19598: Ahead of a merge to current lorikeet-heimdal:Andrew Bartlett2-0/+5
Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9)
2007-10-10r19299: Fix possible memleaksSimo Sorce1-4/+1
(This used to be commit 6fad80bb09113a60689061a2de67711c9924708b)
2007-10-10r18827: I forgot to commit this:Andrew Bartlett1-1/+2
Make kpasswdd use the new prototype for _krb5_principalname2krb5_principal() Andrew Bartlett (This used to be commit 989f40ea027328cdaa31dc89ce52b2243b4aad76)
2007-10-10r18636: Excessive testing with pam_winbind within Samba3 revealed a new samrGünther Deschner1-0/+3
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which is different from SAMR_REJECT_COMPLEXITY. torture test to follow as well. Guenther (This used to be commit 7513748208214339e764cc990aa1dbbcf864975a)
2007-10-10r17930: Merge noinclude branch:Jelmer Vernooij4-4/+4
* Move dlinklist.h, smb.h to subsystem-specific directories * Clean up ads.h and move what is left of it to dsdb/ (only place where it's used) (This used to be commit f7afa1cb77f3cfa7020b57de12e6003db7cfcc42)
2007-10-10r17824: add a wrapper for the common partitions_basedn calculationAndrew Tridgell1-2/+2
(This used to be commit 09007b0907662a0d147e8eb21d5bdfc90dbffefc)
2007-10-10r17586: merge lib/netif into lib/socket and use -lnsl -lsocket on theStefan Metzmacher1-1/+1
configure check for the interfaces. should fix the build on some old sun boxes metze (This used to be commit f20e251bfd9f1eb7ce5c00739631b1625a2aa467)
2007-10-10r17516: Change helper function names to make more clear what they are meant ↵Simo Sorce2-10/+10
to do (This used to be commit ad75cf869550af66119d0293503024d41d834e02)
2007-10-10r17341: pass a messaging context to auth_context_create()Stefan Metzmacher1-3/+2
and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710)
2007-10-10r16964: Remove extra debugs no longer required in a working KDCAndrew Bartlett1-26/+21
Implement the 'DES only' flag. Andrew Bartlett (This used to be commit 9d42bb4b3d2a45da02f0525386468161494852cd)
2007-10-10r16237: Use an appropriate basedn for these searches, so they occour into theAndrew Bartlett1-2/+4
correct partition. Andrew Bartlett (This used to be commit f661dafe4edcd017a8d3bda1a40ff8b0d7a1348e)
2007-10-10r16056: Fix errors found by trying to use our kpasswd server and the Apple ↵Andrew Bartlett1-4/+1
client. Andrew Bartlett (This used to be commit ae2913898c983dcba69b5d0b89c428e450e9bf5f)
2007-10-10r15883: Make sure timegm() prototype is available (on systems where we've had toJim McDonough1-0/+1
replace it) (This used to be commit eef117e4454ed5faeddfc0b18bd4f0128c922f36)
2007-10-10r15853: started the process of removing the warnings now thatAndrew Tridgell1-2/+1
talloc_set_destructor() is type safe. The end result will be lots less use of void*, and less calls to talloc_get_type() (This used to be commit 6b4c085b862c0932b80b93e316396a53b993544c)
2007-10-10r15830: fixed two kdc memory leaksAndrew Tridgell2-14/+8
(This used to be commit cc290ece92196d2bdf39eaa9d3bb4a0af6ec782c)
2007-10-10r15573: Fix build of systems that have iconv headers in non-standard locationsJelmer Vernooij1-1/+0
Split of system/locale.h header from system/iconv.h Previously, iconv wasn't being used on these systems (This used to be commit aa6d66fda69779d1c2948a1aca85dbd5208f1cba)
2007-10-10r15497: I'm not really sure this is correct in terms of how we should be ↵Andrew Bartlett1-0/+4
responding to krbtgt/MY.REALM@MY.REALM TGS ticket requests, but for the moment, these are still marked as 'server' requests by the kerberos5.c caller. Andrew Bartlett (This used to be commit afaee0a6b7aba3db118e6529c341c9377bc26546)
2007-10-10r15481: Update heimdal/ to match current lorikeet-heimdal.Andrew Bartlett1-161/+199
This includes many useful upstream changes, many of which should reduce warnings in our compile. It also includes a change to the HDB interface, which removes the need for Samba4/lorikeet-heimdal to deviate from upstream for hdb_fetch(). The new flags replace the old entry type enum. (This required the rework in hdb-ldb.c included in this commit) Andrew Bartlett (This used to be commit ef5604b87744c89e66e4d845f45b23563754ec05)
2007-10-10r15480: Patch from lha, to ensure we don't leave a free()'ed element in theAndrew Bartlett1-3/+1
principal on strdup failure. Andrew Bartlett (This used to be commit d72fafc1f0089212634fc1a77352b47970e82410)
2007-10-10r15379: Fix shared library build's unresolved dependenciesJelmer Vernooij1-1/+1
(This used to be commit 0fafa2e59566f8f892d7dfd7dd33d0100b96a780)
2007-10-10r15356: Remove unused 'flags' argument from socket_send() and friends.Andrew Bartlett1-2/+2
This is in preperation for making TLS a socket library. Andrew Bartlett (This used to be commit a312812b92f5ac7e6bd2c4af725dbbbc900d4452)
2007-10-10r15338: Fix build of most things with shared libs enabled.Jelmer Vernooij1-1/+1
(This used to be commit 8985093d3fba90287bd739aaaa0fbfdadca2b999)
2007-10-10r15328: Move some functions around, remove dependencies.Jelmer Vernooij1-1/+1
Remove some autogenerated headers (which had prototypes now autogenerated by pidl) Remove ndr_security.h from a few places - it's no longer necessary (This used to be commit c19c2b51d3e1ad347120b06a22bda5ec586c22e8)
2007-10-10r15301: Use static libraries internally. This required a few hacks in the buildJelmer Vernooij1-1/+3
system - these should be removed later on. (This used to be commit 06547391669e064d2b92f5841b7df5f101a34cb9)
2007-10-10r15297: Move create_security_token() to samdb as it requires SAMDB (and the ↵Jelmer Vernooij1-1/+1
rest of LIBSECURITY doesn't) Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal Some other dependency fixes (This used to be commit 5b3ab728edfc9cdd9eee16ad0fe6dfd4b5ced630)
2007-10-10r15270: Rename EXTRA_CFLAGS to CFLAGS - initial work on getting DSO's ↵Jelmer Vernooij1-1/+1
working again. (This used to be commit 33e4b92c46f272478b3c9e433f910dbbaab52af8)
2007-10-10r15223: Move heimdal's -I parameters from the global list of includes toJelmer Vernooij1-1/+2
the subsystems in question (This used to be commit 2fbb4d91fa580ccb64e36f0b082f23af33123b13)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-2/+2
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r14856: fix bugs noticed by the ibm code checkerStefan Metzmacher1-8/+10
metze (This used to be commit f72e7d9dcd02f1f983b457163dee0a8df0186c79)
2007-10-10r14571: More improvements on shared library support in Samba. Only ldb is ↵Jelmer Vernooij1-1/+1
left now... (This used to be commit e71cca7f0cec62357eba6ba02d13f1c3f04edaa7)
2007-10-10r14567: Make some more functions public.Jelmer Vernooij1-1/+1
(This used to be commit 8e84e6cb6b172c89072723e07f344da8f4476c1f)
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij1-0/+1
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14537: remove used fileStefan Metzmacher1-339/+0
metze (This used to be commit e3f6e53075b34faea6d8a3b9f75aa739e3b0bb7f)
2007-10-10r14477: Remove the NOPROTO property - it's no longer used as proto.h is gone.Jelmer Vernooij2-3/+0
(This used to be commit 9c37f847d32d2f327a88c53a90af0c73126b76be)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-0/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14427: don't reference short_princ after it is freedAndrew Tridgell1-1/+1
(This used to be commit 8ca4681861e24ddf7c4abcc97a4cf0e001d13e24)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij1-0/+2
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14203: Include less private heimdal headers.Andrew Bartlett1-1/+5
Andrew Bartlett (This used to be commit ce80425f6d84e434f4562aa0be7e6e4ad2772b92)
2007-10-10r14079: I just found the setproctitle library from alt linux:-)Stefan Metzmacher1-0/+2
- add set_title hook to the process models - use setproctitle library in process_model standard if available - the the title for the task servers and on connections metze (This used to be commit 526f20bbecc9bbd607595637c15fc4001d3f0c70)
2007-10-10r13960: Generate makefile rules for installing/removing shared modules.Jelmer Vernooij1-2/+2
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
2007-10-10r13926: More header splitups.Jelmer Vernooij1-0/+1
(This used to be commit 930daa9f416ecba1d75b8ad46bb42e336545672f)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij3-1/+5
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13910: Fix the 'your password has expired' on every login. We now considerAndrew Bartlett1-7/+5
if the 'password does not expire' flag has been set, filling in the PAC and netlogon reply correctly if so. Andrew Bartlett (This used to be commit c530ab5dc6865c422382bc0afa7a86f7ec1acdf2)
2007-10-10r13903: Don't generate prototypes for modules and binaries in include/proto.h byJelmer Vernooij1-0/+1
default. (This used to be commit c80a8f1102caf744b66c13bebde38fba74983dc4)
2007-10-10r13516: We can't bind to both 0.0.0.0 and specific network interfaces at theAndrew Bartlett1-7/+0
same time. This was causing the kdc to shut itself down if 'bind interfaces only = no'. Andrew Bartlett (This used to be commit 02ff22a25050687478cfcca4dce35c2346cc2241)
2007-10-10r13321: Bind to each interface and to the 0.0.0.0 interface on the KDC. ThisAndrew Bartlett1-9/+24
was pointed out by Maurice Massar. It ensures we get the addresses for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over localhost). Also never run the KDC unless we are a DC. Andrew Bartlett (This used to be commit c17007918459678004a009ccaa50fb85e8b6a739)
2007-10-10r13252: Cleanup, both in code, comments and talloc use:Andrew Bartlett1-23/+12
In particular, I've used the --leak-report-full option to smbd to track down memory that shouldn't be on a long-term context. This is now talloc_free()ed much earlier. Andrew Bartlett (This used to be commit c6eb74f42989d62c82d2a219251837b09df8491c)