sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
a3af16613f
samba-mirror/source4/kdc/hdb-samba4.c

296 lines
9.0 KiB
C
Raw Normal View History

r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
/*
* Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd.
Don't use crossRef records to find our own domain A single AD server can only host a single domain, so don't stuff about with looking up our crossRef record in the cn=Partitions container. We instead trust that lp_realm() and lp_workgroup() works correctly. Andrew Bartlett
2009-05-26 06:31:39 +04:00
* Copyright (c) 2004-2009, Andrew Bartlett <abartlet@samba.org>.
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
* Copyright (c) 2004, Stefan Metzmacher <metze@samba.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of PADL Software nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "includes.h"
s4-kdc: rename kdc/kdc.h to kdc/kdc-glue.h kdc.h conflicts with a heimdal header name
2010-11-11 06:09:41 +03:00
#include "kdc/kdc-glue.h"
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
#include "kdc/db-glue.h"
s4:auth: Add password lockout support to the AD DC Including a fix by Arvid Requate <requate@univention.de> Change-Id: I25d10da50dd6119801cd37349cce970599531c6b Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-06 01:39:42 +04:00
#include "auth/auth_sam.h"
#include <ldb.h>
s4-kdc: Use sdb in db-glue and hdb-samba4 Guenther Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 30 13:29:27 CEST 2015 on sn-devel-104
2014-05-08 19:13:04 +04:00
#include "sdb.h"
#include "sdb_hdb.h"
More work towards trusted domain support in the KDC. (This used to be commit c87d732b23ad7de8dc2f824bf11c9310fb4184e1)
2008-08-08 04:35:57 +04:00
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
static krb5_error_code hdb_samba4_open(krb5_context context, HDB *db, int flags, mode_t mode)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
if (db->hdb_master_key_set) {
s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-08 13:06:16 +04:00
krb5_error_code ret = HDB_ERR_NOENTRY;
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
krb5_warnx(context, "hdb_samba4_open: use of a master key incompatible with LDB\n");
krb5_set_error_message(context, ret, "hdb_samba4_open: use of a master key incompatible with LDB\n");
s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-08 13:06:16 +04:00
return ret;
s4:cleanups remove trailing spaces and tabs
2009-12-23 23:08:02 +03:00
}
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
return 0;
}
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
static krb5_error_code hdb_samba4_close(krb5_context context, HDB *db)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
return 0;
}
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
static krb5_error_code hdb_samba4_lock(krb5_context context, HDB *db, int operation)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
return 0;
}
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
static krb5_error_code hdb_samba4_unlock(krb5_context context, HDB *db)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
return 0;
}
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
static krb5_error_code hdb_samba4_rename(krb5_context context, HDB *db, const char *new_name)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
return HDB_ERR_DB_INUSE;
}
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
static krb5_error_code hdb_samba4_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
return HDB_ERR_DB_INUSE;
}
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
static krb5_error_code hdb_samba4_remove(krb5_context context, HDB *db, krb5_const_principal principal)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
return HDB_ERR_DB_INUSE;
}
s4-kdc Fix up after import of new lorikeet-heimdal Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Oct 3 01:56:04 UTC 2010 on sn-devel-104
2010-10-02 10:55:06 +04:00
static krb5_error_code hdb_samba4_fetch_kvno(krb5_context context, HDB *db,
krb5_const_principal principal,
unsigned flags,
s4/kdc - fix a warning regarding a changed parameter type (kvno) Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Fri Dec 3 23:56:15 CET 2010 on sn-devel-104
2010-12-04 01:06:53 +03:00
krb5_kvno kvno,
s4-kdc Fix up after import of new lorikeet-heimdal Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Oct 3 01:56:04 UTC 2010 on sn-devel-104
2010-10-02 10:55:06 +04:00
hdb_entry_ex *entry_ex)
{
struct samba_kdc_db_context *kdc_db_ctx;
s4-kdc: Use sdb in db-glue and hdb-samba4 Guenther Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 30 13:29:27 CEST 2015 on sn-devel-104
2014-05-08 19:13:04 +04:00
struct sdb_entry_ex sdb_entry_ex = {};
krb5_error_code code, ret;
s4-kdc Fix up after import of new lorikeet-heimdal Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Oct 3 01:56:04 UTC 2010 on sn-devel-104
2010-10-02 10:55:06 +04:00
kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
s4-kdc: Use sdb in db-glue and hdb-samba4 Guenther Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 30 13:29:27 CEST 2015 on sn-devel-104
2014-05-08 19:13:04 +04:00
code = samba_kdc_fetch(context,
kdc_db_ctx,
principal,
flags,
kvno,
&sdb_entry_ex);
/*
* If SDB_ERR_WRONG_REALM is returned we need to process the sdb_entry
* to fill the principal in the HDB entry.
*/
if (code != 0 && code != SDB_ERR_WRONG_REALM) {
return code;
}
ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry_ex);
sdb_free_entry(&sdb_entry_ex);
if (code == 0 && ret != 0) {
code = ret;
}
return code;
s4-kdc Fix up after import of new lorikeet-heimdal Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Oct 3 01:56:04 UTC 2010 on sn-devel-104
2010-10-02 10:55:06 +04:00
}
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
static krb5_error_code hdb_samba4_firstkey(krb5_context context, HDB *db, unsigned flags,
r12269: Update to current lorikeet-heimdal. This changed the way the hdb interface worked, so hdb-ldb.c and the glue have been updated. Andrew Bartlett (This used to be commit 8fd5224c6b5c17c3a2c04c7366b7e367012db77e)
2005-12-15 23:38:24 +03:00
hdb_entry_ex *entry)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
struct samba_kdc_db_context *kdc_db_ctx;
s4-kdc: Use sdb in db-glue and hdb-samba4 Guenther Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 30 13:29:27 CEST 2015 on sn-devel-104
2014-05-08 19:13:04 +04:00
struct sdb_entry_ex sdb_entry_ex = {};
krb5_error_code ret;
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
r23488: hdb_openp has changed from void * to int... lha: what is the reason for this? it's really bad to use an int for storing a pointer value... metze (This used to be commit 625a6598566761121f16e47e88bdd0fbb0f2846c)
2007-06-14 16:19:53 +04:00
s4-kdc: Use sdb in db-glue and hdb-samba4 Guenther Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 30 13:29:27 CEST 2015 on sn-devel-104
2014-05-08 19:13:04 +04:00
ret = samba_kdc_firstkey(context, kdc_db_ctx, &sdb_entry_ex);
if (ret) {
return ret;
}
ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry);
sdb_free_entry(&sdb_entry_ex);
return ret;
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
}
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
static krb5_error_code hdb_samba4_nextkey(krb5_context context, HDB *db, unsigned flags,
r12269: Update to current lorikeet-heimdal. This changed the way the hdb interface worked, so hdb-ldb.c and the glue have been updated. Andrew Bartlett (This used to be commit 8fd5224c6b5c17c3a2c04c7366b7e367012db77e)
2005-12-15 23:38:24 +03:00
hdb_entry_ex *entry)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
struct samba_kdc_db_context *kdc_db_ctx;
s4-kdc: Use sdb in db-glue and hdb-samba4 Guenther Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 30 13:29:27 CEST 2015 on sn-devel-104
2014-05-08 19:13:04 +04:00
struct sdb_entry_ex sdb_entry_ex = {};
krb5_error_code ret;
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
s4-kdc: Use sdb in db-glue and hdb-samba4 Guenther Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 30 13:29:27 CEST 2015 on sn-devel-104
2014-05-08 19:13:04 +04:00
ret = samba_kdc_nextkey(context, kdc_db_ctx, &sdb_entry_ex);
if (ret) {
return ret;
}
ret = sdb_entry_ex_to_hdb_entry_ex(context, &sdb_entry_ex, entry);
sdb_free_entry(&sdb_entry_ex);
return ret;
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
}
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
static krb5_error_code hdb_samba4_destroy(krb5_context context, HDB *db)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
talloc_free(db);
return 0;
}
s4:kdc Simplify header files
2010-01-21 17:57:41 +03:00
static krb5_error_code
s4:kdc: split s4u2self and s4u2proxy checks metze
2011-04-07 13:16:55 +04:00
hdb_samba4_check_constrained_delegation(krb5_context context, HDB *db,
s4:kdc Simplify header files
2010-01-21 17:57:41 +03:00
hdb_entry_ex *entry,
krb5_const_principal target_principal)
s4:kdc Add in a simple check for constrained delegation to self To do this properly, we must use the PAC, but for now this is enough to check that we are delegating to another name on the same host (which must be safe). (Windows 7 does this a lot, also noted in bug 6273) Andrew Bartlett
2009-07-18 04:15:55 +04:00
{
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
struct samba_kdc_db_context *kdc_db_ctx;
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-09 16:58:08 +04:00
struct samba_kdc_entry *skdc_entry;
s4:kdc Add in a simple check for constrained delegation to self To do this properly, we must use the PAC, but for now this is enough to check that we are delegating to another name on the same host (which must be safe). (Windows 7 does this a lot, also noted in bug 6273) Andrew Bartlett
2009-07-18 04:15:55 +04:00
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-09 16:58:08 +04:00
skdc_entry = talloc_get_type_abort(entry->ctx,
struct samba_kdc_entry);
s4:kdc Add in a simple check for constrained delegation to self To do this properly, we must use the PAC, but for now this is enough to check that we are delegating to another name on the same host (which must be safe). (Windows 7 does this a lot, also noted in bug 6273) Andrew Bartlett
2009-07-18 04:15:55 +04:00
s4:kdc: split s4u2self and s4u2proxy checks metze
2011-04-07 13:16:55 +04:00
return samba_kdc_check_s4u2proxy(context, kdc_db_ctx,
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-09 16:58:08 +04:00
skdc_entry,
s4:kdc: split s4u2self and s4u2proxy checks metze
2011-04-07 13:16:55 +04:00
target_principal);
s4:kdc Add in a simple check for constrained delegation to self To do this properly, we must use the PAC, but for now this is enough to check that we are delegating to another name on the same host (which must be safe). (Windows 7 does this a lot, also noted in bug 6273) Andrew Bartlett
2009-07-18 04:15:55 +04:00
}
s4:kdc Simplify header files
2010-01-21 17:57:41 +03:00
static krb5_error_code
hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *db,
hdb_entry_ex *entry,
krb5_const_principal certificate_principal)
s4:kerberos Add support for user principal names in certificates This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test). Andrew Bartlett
2009-07-28 08:05:19 +04:00
{
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
struct samba_kdc_db_context *kdc_db_ctx;
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_match(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-09 16:56:22 +04:00
struct samba_kdc_entry *skdc_entry;
s4:kerberos Add support for user principal names in certificates This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test). Andrew Bartlett
2009-07-28 08:05:19 +04:00
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_match(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-09 16:56:22 +04:00
skdc_entry = talloc_get_type_abort(entry->ctx,
struct samba_kdc_entry);
s4:kerberos Add support for user principal names in certificates This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test). Andrew Bartlett
2009-07-28 08:05:19 +04:00
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
return samba_kdc_check_pkinit_ms_upn_match(context, kdc_db_ctx,
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_pkinit_ms_upn_match(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-09 16:56:22 +04:00
skdc_entry,
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
certificate_principal);
s4:kerberos Add support for user principal names in certificates This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test). Andrew Bartlett
2009-07-28 08:05:19 +04:00
}
s4:kdc: split s4u2self and s4u2proxy checks metze
2011-04-07 13:16:55 +04:00
static krb5_error_code
hdb_samba4_check_s4u2self(krb5_context context, HDB *db,
hdb_entry_ex *entry,
krb5_const_principal target_principal)
{
struct samba_kdc_db_context *kdc_db_ctx;
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-09 16:54:23 +04:00
struct samba_kdc_entry *skdc_entry;
s4:kdc: split s4u2self and s4u2proxy checks metze
2011-04-07 13:16:55 +04:00
kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-09 16:54:23 +04:00
skdc_entry = talloc_get_type_abort(entry->ctx,
struct samba_kdc_entry);
s4:kdc: split s4u2self and s4u2proxy checks metze
2011-04-07 13:16:55 +04:00
return samba_kdc_check_s4u2self(context, kdc_db_ctx,
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2self(). Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-09 16:54:23 +04:00
skdc_entry,
target_principal);
s4:kdc: split s4u2self and s4u2proxy checks metze
2011-04-07 13:16:55 +04:00
}
s4:auth: Add password lockout support to the AD DC Including a fix by Arvid Requate <requate@univention.de> Change-Id: I25d10da50dd6119801cd37349cce970599531c6b Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-06 01:39:42 +04:00
static krb5_error_code hdb_samba4_auth_status(krb5_context context, HDB *db,
hdb_entry_ex *entry,
int hdb_auth_status)
{
struct samba_kdc_db_context *kdc_db_ctx = talloc_get_type_abort(db->hdb_db,
struct samba_kdc_db_context);
struct samba_kdc_entry *p = talloc_get_type(entry->ctx, struct samba_kdc_entry);
if (hdb_auth_status == HDB_AUTH_WRONG_PASSWORD) {
authsam_update_bad_pwd_count(kdc_db_ctx->samdb, p->msg, ldb_get_default_basedn(kdc_db_ctx->samdb));
kdc: call authsam_zero_bad_pwd_count on successful AS-REQ Change-Id: I91bb663dcf1b1033cf756a860404c677e4ac4ade Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-26 06:32:18 +04:00
} else if (hdb_auth_status == HDB_AUTH_SUCCESS) {
authsam_zero_bad_pwd_count(kdc_db_ctx->samdb, p->msg);
s4:auth: Add password lockout support to the AD DC Including a fix by Arvid Requate <requate@univention.de> Change-Id: I25d10da50dd6119801cd37349cce970599531c6b Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-06 01:39:42 +04:00
}
return 0;
}
s4:kdc move db functions in their own file Keep all heimdal related plugin code within hdb_samba4.c Move interfaces needed by multiple plugins in db-glue.c Move sequence context in main db context so that we do not depend on db->hdb_dbc in the common code. Remove unnecessary paremeters from function prototypes
2010-01-28 09:27:11 +03:00
/* This interface is to be called by the KDC and libnet_keytab_dump,
* which is expecting Samba calling conventions.
* It is also called by a wrapper (hdb_samba4_create) from the
* kpasswdd -> krb5 -> keytab_hdb -> hdb code */
r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our case) as the keytab. This avoids issues in replicated setups, as we will replicate the kpasswd key correctly (including from windows, which is why I care at the moment). Andrew Bartlett (This used to be commit 849500d1aa658817052423051b1f5d0b7a1db8e0)
2006-01-24 08:31:08 +03:00
s4:kdc Use better db context structure This allows to use a common structure not tied to hdb_samba4 Also allows to avoid many casts within hdb_samba4 functions This is the first step to abstract samba kdc databse functions so they can be used by the MIT forthcoming plugin.
2010-01-28 08:08:36 +03:00
NTSTATUS hdb_samba4_create_kdc(struct samba_kdc_base_context *base_ctx,
krb5_context context, struct HDB **db)
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
{
s4:kdc Use better db context structure This allows to use a common structure not tied to hdb_samba4 Also allows to avoid many casts within hdb_samba4 functions This is the first step to abstract samba kdc databse functions so they can be used by the MIT forthcoming plugin.
2010-01-28 08:08:36 +03:00
struct samba_kdc_db_context *kdc_db_ctx;
s4-hdb: go back to a separate samdb for the KDC The change to use a common system_session broke replication as the KDC forces CRED_DONT_USE_KERBEROS on session->credentials, which is shared with other parts of the system. This should be fixed once we confirm whether the ldap backend actually relies on CRED_DONT_USE_KERBEROS
2009-11-09 13:38:49 +03:00
NTSTATUS nt_status;
kdc: Add belts-and-braces check that we fail if the hdb version changes This checks both if host system run-time Heimdal has changed version, and that the build-time version is supported. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Jelmer Vernooij <jelmer@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon Jan 20 22:26:49 CET 2014 on sn-devel-104
2014-01-14 02:23:04 +04:00
if (hdb_interface_version != HDB_INTERFACE_VERSION) {
krb5_set_error_message(context, EINVAL, "Heimdal HDB interface version mismatch between build-time and run-time libraries!");
return NT_STATUS_ERROR_DS_INCOMPATIBLE_VERSION;
}
s4:kdc Use better db context structure This allows to use a common structure not tied to hdb_samba4 Also allows to avoid many casts within hdb_samba4 functions This is the first step to abstract samba kdc databse functions so they can be used by the MIT forthcoming plugin.
2010-01-28 08:08:36 +03:00
*db = talloc(base_ctx, HDB);
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
if (!*db) {
s4:heimdal: import lorikeet-heimdal-200906080040 (commit 904d0124b46eed7a8ad6e5b73e892ff34b6865ba) Also including the supporting changes required to pass make test A number of heimdal functions and constants have changed since we last imported a tree (for the better, but inconvenient for us). Andrew Bartlett
2009-06-08 13:06:16 +04:00
krb5_set_error_message(context, ENOMEM, "malloc: out of memory");
r12179: Allow our KDC to use LDAP to get to the backend database. To avoid a circular depenency, it is not allowed to use Krb5 as an authentication mechanism, so this must be removed from the list. An extension to the credentials system allows this function. Also remove proto.h use for any of the KDC, and use NTSTATUS returns in more places. Andrew Bartlett (This used to be commit 5f9dddd02c9c821675d2ccd07561a55edcd7f5b4)
2005-12-11 11:31:46 +03:00
return NT_STATUS_NO_MEMORY;
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
}
(*db)->hdb_master_key_set = 0;
(*db)->hdb_db = NULL;
kdc: Fix enterpise principal name handling Based on a patch by Samuel Cabrero <scabrero@zentyal.com> This ensures we write the correct (implict, samAccountName) based UPN into the ticket, rather than the userPrincipalName, which will have a different realm. Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz>
2014-12-17 07:02:53 +03:00
(*db)->hdb_capability_flags = HDB_CAP_F_HANDLE_ENTERPRISE_PRINCIPAL;
r7304: Make the libkdc actually work: - Remove (some) excess logging - use samdb_connect() to hook into the right handling for multiple tdb handles - move the connect to the server startup, rather than per-packet. - Fix config.mk dependency Tested with a WinXP domain join. Andrew Bartlett (This used to be commit 13cf51612d91385c6df5deadbf126bcc583f797d)
2005-06-05 17:11:42 +04:00
s4-kdc Add common setup, handle RODC setup case This means we just set up the system_session etc in one place and don't diverge between the MIT and Heimdal plugins. We also now determine if we are an RODC and store some details that we will need later. Andrew Bartlett
2010-09-28 07:05:37 +04:00
nt_status = samba_kdc_setup_db_ctx(*db, base_ctx, &kdc_db_ctx);
s4-hdb: go back to a separate samdb for the KDC The change to use a common system_session broke replication as the KDC forces CRED_DONT_USE_KERBEROS on session->credentials, which is shared with other parts of the system. This should be fixed once we confirm whether the ldap backend actually relies on CRED_DONT_USE_KERBEROS
2009-11-09 13:38:49 +03:00
if (!NT_STATUS_IS_OK(nt_status)) {
s4-kdc Add common setup, handle RODC setup case This means we just set up the system_session etc in one place and don't diverge between the MIT and Heimdal plugins. We also now determine if we are an RODC and store some details that we will need later. Andrew Bartlett
2010-09-28 07:05:37 +04:00
talloc_free(*db);
return nt_status;
s4-hdb: go back to a separate samdb for the KDC The change to use a common system_session broke replication as the KDC forces CRED_DONT_USE_KERBEROS on session->credentials, which is shared with other parts of the system. This should be fixed once we confirm whether the ldap backend actually relies on CRED_DONT_USE_KERBEROS
2009-11-09 13:38:49 +03:00
}
s4:kdc Use better db context structure This allows to use a common structure not tied to hdb_samba4 Also allows to avoid many casts within hdb_samba4 functions This is the first step to abstract samba kdc databse functions so they can be used by the MIT forthcoming plugin.
2010-01-28 08:08:36 +03:00
(*db)->hdb_db = kdc_db_ctx;
r23503: use hdb_dbc not hdb_openp. Andrew Bartlett (This used to be commit 3a21304de04fa20198d5a863ffd0804a308dccb9)
2007-06-15 04:14:11 +04:00
(*db)->hdb_dbc = NULL;
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
(*db)->hdb_open = hdb_samba4_open;
(*db)->hdb_close = hdb_samba4_close;
s4-kdc Fix up after import of new lorikeet-heimdal Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Sun Oct 3 01:56:04 UTC 2010 on sn-devel-104
2010-10-02 10:55:06 +04:00
(*db)->hdb_fetch_kvno = hdb_samba4_fetch_kvno;
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
(*db)->hdb_store = hdb_samba4_store;
(*db)->hdb_remove = hdb_samba4_remove;
(*db)->hdb_firstkey = hdb_samba4_firstkey;
(*db)->hdb_nextkey = hdb_samba4_nextkey;
(*db)->hdb_lock = hdb_samba4_lock;
(*db)->hdb_unlock = hdb_samba4_unlock;
(*db)->hdb_rename = hdb_samba4_rename;
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
/* we don't implement these, as we are not a lockable database */
(*db)->hdb__get = NULL;
(*db)->hdb__put = NULL;
/* kadmin should not be used for deletes - use other tools instead */
(*db)->hdb__del = NULL;
s4:kdc rename functions from LDB_ to hdb_samba4 The LDB_ prefix is misleading, and stomps on the LDB namespace. This is a Samba4 hdb module, and not something generic. Andrew Bartlett
2009-07-16 06:47:57 +04:00
(*db)->hdb_destroy = hdb_samba4_destroy;
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
s4:auth: Add password lockout support to the AD DC Including a fix by Arvid Requate <requate@univention.de> Change-Id: I25d10da50dd6119801cd37349cce970599531c6b Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-11-06 01:39:42 +04:00
(*db)->hdb_auth_status = hdb_samba4_auth_status;
s4:kdc: split s4u2self and s4u2proxy checks metze
2011-04-07 13:16:55 +04:00
(*db)->hdb_check_constrained_delegation = hdb_samba4_check_constrained_delegation;
s4:kerberos Add support for user principal names in certificates This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test). Andrew Bartlett
2009-07-28 08:05:19 +04:00
(*db)->hdb_check_pkinit_ms_upn_match = hdb_samba4_check_pkinit_ms_upn_match;
s4:kdc: split s4u2self and s4u2proxy checks metze
2011-04-07 13:16:55 +04:00
(*db)->hdb_check_s4u2self = hdb_samba4_check_s4u2self;
s4:kdc Initialise new hdb function pointers. Soon we will add implementations for these.
2009-07-07 06:34:55 +04:00
r12179: Allow our KDC to use LDAP to get to the backend database. To avoid a circular depenency, it is not allowed to use Krb5 as an authentication mechanism, so this must be removed from the list. An extension to the credentials system allows this function. Also remove proto.h use for any of the KDC, and use NTSTATUS returns in more places. Andrew Bartlett (This used to be commit 5f9dddd02c9c821675d2ccd07561a55edcd7f5b4)
2005-12-11 11:31:46 +03:00
return NT_STATUS_OK;
r7241: The KDC almost links... Using current lorikeet/heimdal, and with the KDC module enabled (it is disabled by default), I almost get the KDC to link. (To enable the KDC for testing, comment out the only line in smbd/config.m4, and add 'kdc' to the 'server services' line in smb.conf). (This used to be commit 26cd4b4f68a370390e08263067402c6c70e49ec8)
2005-06-03 18:32:10 +04:00
}
Copy Permalink