sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Code
53,081 Commits 60 Branches 1,144 Tags 452 MiB
4eb557bf25
Commit Graph

278 Commits

Author SHA1 Message Date
Stefan Metzmacher
9521801dc8 s4:kdc: use krb5_data_free() 
metze
 2009-03-26 15:01:03 +01:00
Jelmer Vernooij
7ab8f373c8 Use common header file for character set handling in Samba 3 and Samba 4. 2009-03-01 22:24:34 +01:00
Jelmer Vernooij
94069bd274 s4: Use same function signature for convert_* as s3. 2009-03-01 19:55:46 +01:00
Jelmer Vernooij
9ffb6d2d9e Add allow_badcharcnv argument to all conversion function, for 
consistency with Samba 3.
 2009-03-01 06:33:40 +01:00
Andrew Bartlett
71632a1697 Remove auth/ntlm as a dependency of GENSEC by means of function pointers. 
When starting GENSEC on the server, the auth subsystem context must be
passed in, which now includes function pointers to the key elements.

This should (when the other dependencies are fixed up) allow GENSEC to
exist as a client or server library without bundling in too much of
our server code.

Andrew Bartlett
 2009-02-13 10:24:16 +11:00
Stefan Metzmacher
d9c30894a1 s4:service_stream: s/private/private_data 
metze
 2009-02-02 13:09:00 +01:00
Stefan Metzmacher
5f13710ced s4:irpc: avoid c++ reserved word 'private' 
metze
 2009-02-01 00:17:20 +01:00
Stefan Metzmacher
15239f742c s4:kdc: avoid c++ reserved word 'private' 
metze
 2009-02-01 00:17:19 +01:00
Stefan Metzmacher
183c379fe5 s4:lib/tevent: rename structs 
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze
 2008-12-29 20:46:40 +01:00
Stefan Metzmacher
f271469931 s4:kdc: pass down event_context explicit 
metze
 2008-12-29 09:46:38 +01:00
Jelmer Vernooij
928fd47c3d s4: Fix subsystem for various services in samba daemon. 2008-12-22 19:04:55 +01:00
Stefan Metzmacher
180245fce0 s4:kdc: allow a trusted domain to get kerberos tickets 
metze
 2008-12-04 15:45:16 +01:00
Jelmer Vernooij
b034c519f5 Add gensec_settings structure. This wraps loadparm_context for now, but 
should in the future only contain some settings required for gensec.
 2008-11-02 02:05:48 +01:00
Jelmer Vernooij
23302413b3 Remove unused include param/param.h. 2008-10-24 16:37:56 +02:00
Jelmer Vernooij
37d885c51a Remove iconv_convenience argument from convert_string{,talloc}() but 
make them wrappers around convert_string{,talloc}_convenience().
 2008-10-24 14:26:46 +02:00
Jelmer Vernooij
922a29992e Remove iconv_convenience parameter from simple string push/pull 
functions.
 2008-10-24 03:40:09 +02:00
Andrew Bartlett
c41cc67722 Ensure the hdb_method structure is not on the stack. 
We supply this to krb5 as a plugin, so we must keep it around as long
as the krb5_context.

Andrew Bartlett
 2008-10-20 20:07:09 +11:00
Jelmer Vernooij
6a89b59ca6 Add TALLOC_CTX pointer to strhex_to_data_blob for consistency with Samba 
3.
 2008-10-18 18:09:04 +02:00
Andrew Bartlett
7c88ea8aad Create a 'straight paper path' for UTF16 passwords. 
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password.  This ensures we do no
validation or filtering of the password before we get a chance to MD4
it.  We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.

All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.

This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.

The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.

Andrew Bartlett
 2008-10-16 12:48:16 +11:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Andrew Bartlett
e0a4d7f467 Set default trust kvno to -1 2008-10-06 14:28:27 -07:00
Andrew Bartlett
c3b28c7a81 Fix cross-realm authentication in Samba4's KDC. 2008-10-06 14:28:27 -07:00
Andrew Bartlett
912209ac84 Use the trust password version as kvno for trusts in Kerberos. 2008-10-06 14:28:26 -07:00
Andrew Bartlett
6ad78f01a5 Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc. 
This avoids one more custom patch to the Heimdal code, and provides a
more standard way to produce hdb plugins in future.

I've renamed from hdb_ldb to hdb_samba4 as it really is not generic
ldb.

Andrew Bartlett
 2008-09-29 22:34:35 -07:00
Matthias Dieter Wallnöfer
57edd24ca0 Cosmetic corrections for the KERBEROS library 
This commit applies some cosmetic corrections for the KERBEROS library.
 2008-09-24 19:40:03 +02:00
Jelmer Vernooij
6925202bde Move source4/lib/crypto to lib/crypto. 2008-09-24 15:30:23 +02:00
Jelmer Vernooij
6a689c23e8 Rename smbd -> samba. 
This reverts commit 05ea5e23cf.

Conflicts:

	source4/smbd/server.c
 2008-09-24 03:16:15 +02:00
Simo Sorce
508527890a Merge ldb_search() and ldb_search_exp_fmt() into a simgle function. 
The previous ldb_search() interface made it way too easy to leak results,
and being able to use a printf-like expression turns to be really useful.
 2008-09-23 18:17:46 -04:00
Andrew Bartlett
cebd9a9013 This torture test and skipping of the server-side check was bogus. 
The IDL is declared to force the MessageType to 3 on output, so we
instead checked the same thing 255 times...

Andrew Bartlett
 2008-09-22 14:23:22 -07:00
Stefan Metzmacher
1d92b2211c s4: allways initialize the process model before it's used 
metze
 2008-09-22 18:16:09 +02:00
Jelmer Vernooij
05ea5e23cf Revert "Rename smbd -> samba." 
This reverts commit 0e9008be35.
 2008-09-21 21:32:40 +02:00
Jelmer Vernooij
0e9008be35 Rename smbd -> samba. 2008-09-21 21:26:40 +02:00
Andrew Bartlett
2c2fde57fa Update copyright 
(This used to be commit edea162a0e)
 2008-09-05 16:45:58 +10:00
Andrew Bartlett
a35263e1ab Implement NETLOGON PAC verfication on the server-side 
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.

Andrew Bartlett
(This used to be commit 82fcd7941f)
 2008-09-03 15:30:17 +10:00
Andrew Bartlett
c79dff2e9b Heimdal provides Kerberos PAC parsing routines. Use them. 
This uses Heimdal's PAC parsing code in the:
 - LOCAL-PAC test
 - gensec_gssapi server
 - KDC (where is was already used, the support code refactored from here)

In addition, the service and KDC checksums are recorded in the struct
auth_serversupplied_info, allowing them to be extracted for validation
across NETLOGON.

Andrew Bartlett
(This used to be commit 418b440a7b)
 2008-08-28 16:28:47 +10:00
Stefan Metzmacher
d3265b01e5 kdc: move references to heimdal internals into heimdal_build/kpasswd-glue.h 
metze
(This used to be commit 65057f17b0)
 2008-08-26 12:30:03 +02:00
Andrew Bartlett
7f86b26a35 Only allow the trust in the correct direction (per the flags). 
(This used to be commit 2c71954294)
 2008-08-26 10:27:00 +10:00
Andrew Bartlett
9eacc3a8f3 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local 
(This used to be commit a555334db6)
 2008-08-25 08:27:06 +10:00
Stefan Metzmacher
d0a8c05cb2 kdc/pac-glue: pull/push the logon_info via the PAC_INFO union 
This prepares the next commit...

metze
(This used to be commit 7d297f7fb7)
 2008-08-20 15:23:02 +02:00
Andrew Bartlett
fe95409de7 Trusted domains implementation for the KDC. 
At this stage, only arcfour-hmac-md5 trusts are used, and all trusts
are presumed bi-directional.  Much more work still to be done.

Andrew Bartlett
(This used to be commit 3e9f5c2816)
 2008-08-15 21:16:20 +10:00
Andrew Bartlett
5f873a4d8f More work towards trusted domain support in the KDC. 
(This used to be commit c87d732b23)
 2008-08-08 10:35:57 +10:00
Andrew Bartlett
8930a2159d Start implementind domain trusts in our KDC. 
Andrew Bartlett
(This used to be commit 8aba7c3623)
 2008-08-05 12:46:57 +10:00
Stefan Metzmacher
5fd1c5445b libreplace: include <krb5.h> and <com_err.h> and no heimdal specific headers 
metze
(This used to be commit cffed8e19e)
 2008-08-01 21:10:40 +02:00
Stefan Metzmacher
f2ac351d6e kdc: use mostly only public kerberos headers 
We shoule avoid using the private heimdal function
_krb5_principalname2krb5_principal()

metze
(This used to be commit 10db07c69a)
 2008-08-01 17:54:34 +02:00
Stefan Metzmacher
7b4081da8f Revert "Start implementind domain trusts in our KDC." 
This reverts commit 736ce50afd.

This breaks the build...

metze
(This used to be commit afd07073b9)
 2008-08-01 15:22:25 +02:00
Andrew Bartlett
2a0677e514 Start implementind domain trusts in our KDC. 
Andrew Bartlett
(This used to be commit 736ce50afd)
 2008-07-31 07:47:01 +10:00
Stefan Metzmacher
79657f78e8 hdb-ldb: fix the callers after drsblobs.idl changes 
metze
(This used to be commit 1223cd17c7)
 2008-07-24 08:24:10 +02:00
Stefan Metzmacher
0842eb25a1 hdb-ldb: try to find Primary:Kerberos-Newer-Keys and fallback to Primary:Kerberos 
Now provide AES tickets if we find the keys in the supplementalCredentials attribute

metze
(This used to be commit 8300259f10)
 2008-07-23 14:46:11 +02:00
Stefan Metzmacher
fa40b0709a hdb-ldb: check the SUPPLEMENTAL_CREDENTIALS_SIGNATURE 
metze
(This used to be commit 7219740ef4)
 2008-07-23 14:46:08 +02:00
Stefan Metzmacher
b4e9e8954a hdb-ldb: fix comment about padding 
metze
(This used to be commit ca28d05b11)
 2008-07-23 14:46:06 +02:00