1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

246 Commits

Author SHA1 Message Date
Andrew Bartlett
2c2fde57fa Update copyright
(This used to be commit edea162a0e)
2008-09-05 16:45:58 +10:00
Andrew Bartlett
a35263e1ab Implement NETLOGON PAC verfication on the server-side
This is implemented by means of a message to the KDC, to avoid having
to link most of the KDC into netlogon.

Andrew Bartlett
(This used to be commit 82fcd7941f)
2008-09-03 15:30:17 +10:00
Andrew Bartlett
c79dff2e9b Heimdal provides Kerberos PAC parsing routines. Use them.
This uses Heimdal's PAC parsing code in the:
 - LOCAL-PAC test
 - gensec_gssapi server
 - KDC (where is was already used, the support code refactored from here)

In addition, the service and KDC checksums are recorded in the struct
auth_serversupplied_info, allowing them to be extracted for validation
across NETLOGON.

Andrew Bartlett
(This used to be commit 418b440a7b)
2008-08-28 16:28:47 +10:00
Stefan Metzmacher
d3265b01e5 kdc: move references to heimdal internals into heimdal_build/kpasswd-glue.h
metze
(This used to be commit 65057f17b0)
2008-08-26 12:30:03 +02:00
Andrew Bartlett
7f86b26a35 Only allow the trust in the correct direction (per the flags).
(This used to be commit 2c71954294)
2008-08-26 10:27:00 +10:00
Andrew Bartlett
9eacc3a8f3 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into 4-0-local
(This used to be commit a555334db6)
2008-08-25 08:27:06 +10:00
Stefan Metzmacher
d0a8c05cb2 kdc/pac-glue: pull/push the logon_info via the PAC_INFO union
This prepares the next commit...

metze
(This used to be commit 7d297f7fb7)
2008-08-20 15:23:02 +02:00
Andrew Bartlett
fe95409de7 Trusted domains implementation for the KDC.
At this stage, only arcfour-hmac-md5 trusts are used, and all trusts
are presumed bi-directional.  Much more work still to be done.

Andrew Bartlett
(This used to be commit 3e9f5c2816)
2008-08-15 21:16:20 +10:00
Andrew Bartlett
5f873a4d8f More work towards trusted domain support in the KDC.
(This used to be commit c87d732b23)
2008-08-08 10:35:57 +10:00
Andrew Bartlett
8930a2159d Start implementind domain trusts in our KDC.
Andrew Bartlett
(This used to be commit 8aba7c3623)
2008-08-05 12:46:57 +10:00
Stefan Metzmacher
5fd1c5445b libreplace: include <krb5.h> and <com_err.h> and no heimdal specific headers
metze
(This used to be commit cffed8e19e)
2008-08-01 21:10:40 +02:00
Stefan Metzmacher
f2ac351d6e kdc: use mostly only public kerberos headers
We shoule avoid using the private heimdal function
_krb5_principalname2krb5_principal()

metze
(This used to be commit 10db07c69a)
2008-08-01 17:54:34 +02:00
Stefan Metzmacher
7b4081da8f Revert "Start implementind domain trusts in our KDC."
This reverts commit 736ce50afd.

This breaks the build...

metze
(This used to be commit afd07073b9)
2008-08-01 15:22:25 +02:00
Andrew Bartlett
2a0677e514 Start implementind domain trusts in our KDC.
Andrew Bartlett
(This used to be commit 736ce50afd)
2008-07-31 07:47:01 +10:00
Stefan Metzmacher
79657f78e8 hdb-ldb: fix the callers after drsblobs.idl changes
metze
(This used to be commit 1223cd17c7)
2008-07-24 08:24:10 +02:00
Stefan Metzmacher
0842eb25a1 hdb-ldb: try to find Primary:Kerberos-Newer-Keys and fallback to Primary:Kerberos
Now provide AES tickets if we find the keys in the supplementalCredentials attribute

metze
(This used to be commit 8300259f10)
2008-07-23 14:46:11 +02:00
Stefan Metzmacher
fa40b0709a hdb-ldb: check the SUPPLEMENTAL_CREDENTIALS_SIGNATURE
metze
(This used to be commit 7219740ef4)
2008-07-23 14:46:08 +02:00
Stefan Metzmacher
b4e9e8954a hdb-ldb: fix comment about padding
metze
(This used to be commit ca28d05b11)
2008-07-23 14:46:06 +02:00
Stefan Metzmacher
75cdaa4c84 hdb-ldb: fix crash bug in the error path
metze
(This used to be commit ac02d6a0f7)
2008-07-23 14:46:06 +02:00
Stefan Metzmacher
71ce9975fa kdc: we don't need any *_locl.h header from heimdal in the kdc
metze
(This used to be commit feca16dd6d)
2008-06-04 15:39:17 +02:00
Andrew Bartlett
be14efbdf9 Revert Jelmer's CFLAGS commit e2b71a0ecb
This commit broke the build, because not all files (libreplace, popt)
were updated.

Andrew Bartlett
(This used to be commit 3faacf4351)
2008-05-31 08:35:55 +10:00
Jelmer Vernooij
39f50afc57 Move CFLAGS handling out of smb_build.
(This used to be commit e2b71a0ecb)
2008-05-30 02:07:28 +02:00
Jelmer Vernooij
4c70cda986 Fix a couple (well, little more than that..) of typos.
(This used to be commit a6b5211994)
2008-05-18 23:02:47 +02:00
Jelmer Vernooij
4c8756f147 Create prototype headers from Makefile directory, without smb_build in the middle.
(This used to be commit f4a77b96f9)
2008-05-18 22:30:08 +02:00
Jelmer Vernooij
4f0db42958 Use variables for source directory in a couple more places.
(This used to be commit 56bb2907c6)
2008-05-18 19:41:33 +02:00
Jelmer Vernooij
cc9c4aaa8d Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3
Conflicts:

	source/Makefile
	source/auth/config.mk
	source/auth/gensec/config.mk
	source/build/m4/public.m4
	source/build/make/python.mk
	source/build/make/rules.mk
	source/build/smb_build/header.pm
	source/build/smb_build/main.pl
	source/build/smb_build/makefile.pm
	source/dsdb/config.mk
	source/dsdb/samdb/ldb_modules/config.mk
	source/kdc/config.mk
	source/lib/events/config.mk
	source/lib/events/events.c
	source/lib/ldb/config.mk
	source/lib/nss_wrapper/config.mk
	source/lib/policy/config.mk
	source/lib/util/config.mk
	source/libcli/smb2/config.mk
	source/libnet/config.mk
	source/librpc/config.mk
	source/nbt_server/config.mk
	source/ntptr/ntptr_base.c
	source/ntvfs/posix/config.mk
	source/ntvfs/sysdep/config.mk
	source/param/config.mk
	source/rpc_server/config.mk
	source/rpc_server/service_rpc.c
	source/scripting/ejs/config.mk
	source/scripting/python/config.mk
	source/smb_server/config.mk
	source/smbd/server.c
	source/torture/config.mk
	source/torture/smb2/config.mk
	source/wrepl_server/config.mk
(This used to be commit 13bbd42068)
2008-04-25 10:04:20 +01:00
Jelmer Vernooij
21fc767378 Specify event_context to ldb_wrap_connect explicitly.
(This used to be commit b4e1ae07a2)
2008-04-17 12:23:44 +02:00
Jelmer Vernooij
1efbd5fbf6 Remove event context tracking from the credentials struct.
(This used to be commit 4d7fc946b2)
2008-04-17 01:03:18 +02:00
Jelmer Vernooij
ffc5cbfe80 Move object files lists to makefile rather than smb_build.
(This used to be commit 5628d58990)
2008-04-14 16:53:00 +02:00
Jelmer Vernooij
18d80bdf1f Merge v4.0-test
(This used to be commit 977dbdeaf3)
2008-03-28 00:44:14 +01:00
Andrew Bartlett
dc49ae599e Remove useless extra argument to samdb_result_account_expires().
Andrew Bartlett
(This used to be commit bc607c334f)
2008-03-25 15:25:13 +11:00
Andrew Bartlett
a08e951eb8 Remove unused variable.
(This used to be commit 1de21f5fdd)
2008-03-19 11:15:04 +11:00
Andrew Bartlett
aaf62085dd Merge branch 'v4-0-logon' of git://git.id10ts.net/samba into 4-0-local
(This used to be commit 8252b51850)
2008-03-19 11:04:42 +11:00
Andrew Bartlett
9e6b0c2871 Merge lorikeet-heimdal -r 787 into Samba4 tree.
Andrew Bartlett
(This used to be commit d88b530522)
2008-03-19 10:17:42 +11:00
Andrew Kroeger
131111f166 kdc: Provide extended error information in AS-REP error replies.
This change utilizes the addition of the e_data parameter to the windc_plugin in
the heimdal code to pass extended information back to the client.  The extended
information is provided in an e-data block as part of the kerberos error
message, and allows the client to determine which specific error condition
occurred.
(This used to be commit 502466ba95)
2008-03-13 01:17:48 -05:00
Jelmer Vernooij
fb6fdfce37 Fix the build.
(This used to be commit f2e4974471)
2008-03-08 17:02:40 +01:00
Jelmer Vernooij
fc2cd5ed63 Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3
(This used to be commit e4da851bd7)
2008-03-07 18:03:54 +01:00
Andrew Kroeger
e9171397ec Enhance mappings of NTSTATUS to KRB5KDC errors.
The enhanced mappings allow the Windows client to determine whether a user's
password needs to be changed (and allows them to change it), or if they cannot
logon at all.

Changes still need to be made to allow additional data to be returned.  Windows
uses that additional data to display more detailed dialogs to the user.  The
additional information is returned in an e-data struct of type PA-PW-SALT that
contains the more-detailed NTSTATUS error code.
(This used to be commit 6a98e5a7aa)
2008-03-07 05:59:56 -06:00
Andrew Kroeger
20c7014009 Update account expiration to use new samdb_result_account_expires() function.
(This used to be commit 2b6b4e5a16)
2008-03-07 05:59:56 -06:00
Jelmer Vernooij
6cf92e604d Fix the build.
(This used to be commit 49ef8d0c19)
2008-03-04 13:06:08 +01:00
Jelmer Vernooij
b29d47edcf Move object file lists to the Makefile.
(This used to be commit a7e6d2a183)
2008-03-03 18:25:28 +01:00
Jelmer Vernooij
c38c2765d1 Remove yet more uses of global_loadparm.
(This used to be commit e01c1e87c0)
2008-02-21 17:17:37 +01:00
Jelmer Vernooij
263a77c561 Remove more uses of global_loadparm.
(This used to be commit a1715b1f48)
2008-02-21 15:45:32 +01:00
Jelmer Vernooij
d9f8232c34 Remove more uses of global_loadparm.
(This used to be commit 230355d2e6)
2008-02-21 15:21:45 +01:00
Jelmer Vernooij
921b176484 Remove more uses of global_loadparm.
(This used to be commit 47d05ecf6f)
2008-02-21 14:50:57 +01:00
Jelmer Vernooij
37deca2d41 Avoid use of global_loadparm.
(This used to be commit c5a95bbe0c)
2008-02-21 14:16:02 +01:00
Jelmer Vernooij
3f63d2fe4d Fix unresolved symbols.
(This used to be commit dbcecb6d8f)
2008-02-18 17:24:29 +01:00
Andrew Bartlett
0f8eeb81ec Remove useless layer of indirection, where every service called
task_service_init() manually.  Now this is called from service.c for
all services.

Andrew Bartlett
(This used to be commit 9c9a4731ca)
2008-02-04 21:58:29 +11:00
Andrew Bartlett
23d681caf9 Rework service init functions to pass down service name. This is
needed to change prefork behaviour based on what service is being
started.

Andrew Bartlett and David Disseldorp
(This used to be commit 0d830580e3)
2008-02-04 17:48:51 +11:00
Jelmer Vernooij
df408d056e r26672: Janitorial: Remove uses of global_loadparm.
(This used to be commit 18cd08623e)
2008-01-05 13:06:03 -06:00