Andreas Schneider
764e485450
mit-samba: Remove obsolete mit_samba_update_pac_data()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:12 +02:00
Andreas Schneider
648388ad00
s4-kdc: Implement mit_samba_reget_pac()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:12 +02:00
Andreas Schneider
a72eecd5bf
mit-samba: Remove unused mit_samba_get_pac_data()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:11 +02:00
Andreas Schneider
e240cff591
s4-kdc: Implement mit_samba_get_pac()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:11 +02:00
Andreas Schneider
ecf42cef39
s4-kdc: Fix logging with the KDB driver
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:11 +02:00
Andreas Schneider
b161e5c923
mit-kdb: Zero the db principal when we allocate it
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-29 23:31:08 +02:00
Andreas Schneider
4f51484b40
mit_samba: Add missing copyright
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-30 11:34:14 +02:00
Andreas Schneider
5ac9de30f0
mit_samba: Add missing argument passed to authsam_make_user_info_dc()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-30 11:34:14 +02:00
Andreas Schneider
4aab5ba2ce
mit_samba: Allow to use SPNs for AS-REQ
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Jun 2 16:35:35 CEST 2016 on sn-devel-144
2016-06-02 16:35:35 +02:00
Andreas Schneider
8267b2e186
mit_samba: Fix flags that we get a referral tickets
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-02 12:48:13 +02:00
Andreas Schneider
7019103bab
mit_samba: Return 0 in case of a wrong realm
...
The MIT KDC will deal with this correctly for us.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-02 12:48:13 +02:00
Andreas Schneider
abfa8e335c
mit-kdb: Add missing SDB_F_FOR_AS_REQ for AS requests
...
This correctly handles enterprise principals and ticket renewal.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 17 07:57:49 CET 2016 on sn-devel-144
2016-03-17 07:57:49 +01:00
Andreas Schneider
859c625c82
mit-kdb: Fix segfault in krb5kdc dereferencing an invalid pointer
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:29 +01:00
Andreas Schneider
4865867f59
mit_samba: Setup logging to stdout
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:28 +01:00
Andreas Schneider
23c249a88b
mit_samba: Add function for handling bad password count
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:28 +01:00
Andreas Schneider
9734b5d9ed
mit_samba: Add functions to generate random password and salt.
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:28 +01:00
Andreas Schneider
909e7f9ff6
mit_samba: Add function to change the password
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:28 +01:00
Andreas Schneider
77cec013c3
mit_samba: Add ks_is_tgs_principal()
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:28 +01:00
Günther Deschner
859a6fba0b
mit_samba: Use talloc_zero in mit_samba_context_init().
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:28 +01:00
Andreas Schneider
597772dbd2
mit_samba: Directly pass the principal and kflags
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:28 +01:00
Andreas Schneider
33fcc76aa7
mit_samba: Make mit_samba a shim layer between Samba and KDB
...
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:27 +01:00
Günther Deschner
209d4b5b28
mit_samba: Use sdb in the mit_samba plugin
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:27 +01:00
Günther Deschner
893963cf78
s4-kdc/mit_samba: add a copy of samba_kdc_build_edata_reply for MIT.
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2015-07-21 19:04:14 +02:00
Günther Deschner
0501db1a67
s4-kdc: pass down only a samba_kdc_entry to samba_kdc_get_pac_blob().
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-03-27 01:26:16 +01:00
Günther Deschner
78c0cf292b
s4-kdc: pass down only a samba_kdc_entry to samba_princ_needs_pac().
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-03-27 01:26:16 +01:00
Günther Deschner
ba1838300c
s4-kdc/db_glue: pass down only a samba_kdc_entry to samba_kdc_check_s4u2proxy().
...
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-03-27 01:26:16 +01:00
Andrew Bartlett
49f8113fab
s4-kdc Do the KDC PAC checksum validation in the Samba plugin
...
Here we can fetch the right key, and check if the PAC is likely to be signed by a key that
we know. We cannot check the KDC signature on incoming trusts.
Andrew Bartlett
2012-01-12 18:02:54 +11:00
Stefan Metzmacher
b005fa142f
s4:kdc/mit_samba: disable mit_samba_check_s4u2proxy()
...
As mit_samba_update_pac_data() doesn't support adding
S4U_DELEGATION_INFO to the pac (and I have no clue how to add that)
we should disable S4U2Proxy until this is implemented.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jun 28 20:35:19 CEST 2011 on sn-devel-104
2011-06-28 20:35:18 +02:00
Stefan Metzmacher
73b1e1466c
s4:kdc: generate the S4U_DELEGATION_INFO in the regenerated pac
...
metze
2011-06-28 19:23:43 +02:00
Stefan Metzmacher
a7b8593f9c
s4:kdc: split s4u2self and s4u2proxy checks
...
metze
2011-05-18 07:46:44 +02:00
Simo Sorce
1d27f0b264
mit-samba: Allow nesting on the event context
...
This context is used in ldb, and ldb modules apparently abort if nesting is not
allowed.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Mon Feb 7 20:58:02 CET 2011 on sn-devel-104
2011-02-07 20:58:02 +01:00
Matthias Dieter Wallnöfer
136a5d7a26
s4:kdc/*.c - minimise includes
...
Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Sun Dec 12 15:20:46 CET 2010 on sn-devel-104
2010-12-12 15:20:46 +01:00
Andrew Tridgell
33d178767b
s4-loadparm: use loadparm_init_global() instead of loadparm_init()
...
this prevents us having two lp_ctx contexts in these tools which leads
to bizarre behaviour
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-11-29 18:04:42 +11:00
Andrew Bartlett
baeaa17986
s4-kerberos Remove unused parameter
2010-10-11 13:02:15 +00:00
Andrew Bartlett
89ee9e6518
s4-kdc Handle the case where we may be given a ticket from an RODC in db layer
...
This includes rewriting the PAC if the original krbtgt isn't to be
trusted, and reading different entries from the DB for the krbtgt
depending on the krbtgt number.
Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Bartlett
3021af2777
s4-kdc Add common setup, handle RODC setup case
...
This means we just set up the system_session etc in one place
and don't diverge between the MIT and Heimdal plugins.
We also now determine if we are an RODC and store some details
that we will need later.
Andrew Bartlett
2010-09-29 04:23:07 +10:00
Andrew Tridgell
6b266b85cf
s4-loadparm: 2nd half of lp_ to lpcfg_ conversion
...
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-07-16 18:24:27 +10:00
Andrew Bartlett
e5232bdc69
s4:kdc Remove special talloc_free of the ldb context
...
I can see no reason not to just let this go with the talloc tree that
created it, and avoid a talloc_free with references.
Andrew Bartlett
2010-05-28 21:59:04 +10:00
Jelmer Vernooij
b8268cf7b0
s3: Remove use of iconv_convenience.
2010-05-18 11:45:31 +02:00
Andrew Bartlett
f2b63d58da
s4:kdc Add functions to hdb-samba4 for the new s4u2self callback.
...
For now, this shares the 'if it's the same host' system with the
constrained delegation code.
Andrew Bartlett
2010-04-10 21:40:59 +10:00
Simo Sorce
d8cbc6ccdb
s4:kdc add mit plugin code
2010-02-25 13:01:14 -05:00