1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

46 Commits

Author SHA1 Message Date
Jelmer Vernooij
94069bd274 s4: Use same function signature for convert_* as s3. 2009-03-01 19:55:46 +01:00
Jelmer Vernooij
9ffb6d2d9e Add allow_badcharcnv argument to all conversion function, for
consistency with Samba 3.
2009-03-01 06:33:40 +01:00
Andrew Bartlett
71632a1697 Remove auth/ntlm as a dependency of GENSEC by means of function pointers.
When starting GENSEC on the server, the auth subsystem context must be
passed in, which now includes function pointers to the key elements.

This should (when the other dependencies are fixed up) allow GENSEC to
exist as a client or server library without bundling in too much of
our server code.

Andrew Bartlett
2009-02-13 10:24:16 +11:00
Stefan Metzmacher
183c379fe5 s4:lib/tevent: rename structs
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"

for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done

metze
2008-12-29 20:46:40 +01:00
Jelmer Vernooij
b034c519f5 Add gensec_settings structure. This wraps loadparm_context for now, but
should in the future only contain some settings required for gensec.
2008-11-02 02:05:48 +01:00
Jelmer Vernooij
37d885c51a Remove iconv_convenience argument from convert_string{,talloc}() but
make them wrappers around convert_string{,talloc}_convenience().
2008-10-24 14:26:46 +02:00
Jelmer Vernooij
922a29992e Remove iconv_convenience parameter from simple string push/pull
functions.
2008-10-24 03:40:09 +02:00
Andrew Bartlett
7c88ea8aad Create a 'straight paper path' for UTF16 passwords.
This uses a virtual attribute 'clearTextPassword' (name chosen to
match references in MS-SAMR) that contains the length-limited blob
containing an allegidly UTF16 password.  This ensures we do no
validation or filtering of the password before we get a chance to MD4
it.  We can then do the required munging into UTF8, and in future
implement the rules Microsoft has provided us with for invalid inputs.

All layers in the process now deal with the strings as length-limited
inputs, incluing the krb5 string2key calls.

This commit also includes a small change to samdb_result_passwords()
to ensure that LM passwords are not returned to the application logic
if LM authentication is disabled.

The objectClass module has been modified to allow the
clearTextPassword attribute to pass down the stack.

Andrew Bartlett
2008-10-16 12:48:16 +11:00
Jelmer Vernooij
9565999755 Fix include paths to new location of libutil. 2008-10-11 21:31:42 +02:00
Stefan Metzmacher
d3265b01e5 kdc: move references to heimdal internals into heimdal_build/kpasswd-glue.h
metze
(This used to be commit 65057f17b0)
2008-08-26 12:30:03 +02:00
Stefan Metzmacher
5fd1c5445b libreplace: include <krb5.h> and <com_err.h> and no heimdal specific headers
metze
(This used to be commit cffed8e19e)
2008-08-01 21:10:40 +02:00
Stefan Metzmacher
f2ac351d6e kdc: use mostly only public kerberos headers
We shoule avoid using the private heimdal function
_krb5_principalname2krb5_principal()

metze
(This used to be commit 10db07c69a)
2008-08-01 17:54:34 +02:00
Stefan Metzmacher
71ce9975fa kdc: we don't need any *_locl.h header from heimdal in the kdc
metze
(This used to be commit feca16dd6d)
2008-06-04 15:39:17 +02:00
Jelmer Vernooij
21fc767378 Specify event_context to ldb_wrap_connect explicitly.
(This used to be commit b4e1ae07a2)
2008-04-17 12:23:44 +02:00
Jelmer Vernooij
1efbd5fbf6 Remove event context tracking from the credentials struct.
(This used to be commit 4d7fc946b2)
2008-04-17 01:03:18 +02:00
Jelmer Vernooij
a2cea02584 r26430: require explicit specification of loadparm context.
(This used to be commit 1b947fe0e6)
2007-12-21 05:49:58 +01:00
Jelmer Vernooij
a5b8999f23 r26427: Avoid global_smb_iconv_convenience.
(This used to be commit bf072c6fb3)
2007-12-21 05:49:53 +01:00
Jelmer Vernooij
39ee38d9c1 r26316: Use contexts for conversion functions.
(This used to be commit f6420d933b)
2007-12-21 05:48:30 +01:00
Jelmer Vernooij
ecea5ce245 r26260: Store loadparm context in gensec context.
(This used to be commit b9e3a4862e)
2007-12-21 05:47:34 +01:00
Jelmer Vernooij
43696d2752 r26252: Specify loadparm_context explicitly when creating sessions.
(This used to be commit 7280c1e941)
2007-12-21 05:47:29 +01:00
Jelmer Vernooij
f4a1083cf9 r26227: Make loadparm_context part of a server task, move loadparm_contexts further up the call stack.
(This used to be commit 0721a07aad)
2007-12-21 05:47:04 +01:00
Jelmer Vernooij
2f1c0eca13 r25548: Convert to standard bool type.
(This used to be commit 190d73b44b)
2007-10-10 15:07:53 -05:00
Jelmer Vernooij
37d53832a4 r25398: Parse loadparm context to all lp_*() functions.
(This used to be commit 3fcc960839)
2007-10-10 15:07:25 -05:00
Jelmer Vernooij
cd962355ab r25000: Fix some more C++ compatibility warnings.
(This used to be commit 08bb1ef643)
2007-10-10 15:05:27 -05:00
Andrew Bartlett
db24e606f1 r24613: Missed this in my recent commit -r 24611. We don't discriminate on
where the password change came from, to determine if policy should be
applied.  We discriminate on if the account is a trust account.

Andrew Bartlett
(This used to be commit 48fd288957)
2007-10-10 15:02:24 -05:00
Andrew Tridgell
0479a2f1cb r23792: convert Samba4 to GPLv3
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac)
2007-10-10 14:59:12 -05:00
Simo Sorce
a9e31b33b5 r19832: better prototypes for the linearization functions:
- ldb_dn_get_linearized
  returns a const string

- ldb_dn_alloc_linearized
  allocs astring with the linearized dn
(This used to be commit 3929c086d5)
2007-10-10 14:28:22 -05:00
Andrew Bartlett
3c1e780ec7 r19604: This is a massive commit, and I appologise in advance for it's size.
This merges Samba4 with lorikeet-heimdal, which itself has been
tracking Heimdal CVS for the past couple of weeks.

This is such a big change because Heimdal reorganised it's internal
structures, with the mechglue merge, and because many of our 'wishes' have been granted:  we now have DCE_STYLE GSSAPI, send_to_kdc hooks and many other features merged into the mainline code.  We have adapted to upstream's choice of API in these cases.

In gensec_gssapi and gensec_krb5, we either expect a valid PAC, or NO
PAC.  This matches windows behavour.  We also have an option to
require the PAC to be present (which allows us to automate the testing
of this code).

This also includes a restructure of how the kerberos dependencies are
handled, due to the fallout of the merge.

Andrew Bartlett
(This used to be commit 4826f17351)
2007-10-10 14:25:03 -05:00
Andrew Bartlett
13dbee3ffe r19598: Ahead of a merge to current lorikeet-heimdal:
Break up auth/auth.h not to include the world.

Add credentials_krb5.h with the kerberos dependent prototypes.

Andrew Bartlett
(This used to be commit 2b569c42e0)
2007-10-10 14:25:00 -05:00
Andrew Bartlett
390ece7f3d r18827: I forgot to commit this:
Make kpasswdd use the new prototype for
_krb5_principalname2krb5_principal()

Andrew Bartlett
(This used to be commit 989f40ea02)
2007-10-10 14:19:14 -05:00
Günther Deschner
8153859fb4 r18636: Excessive testing with pam_winbind within Samba3 revealed a new samr
reject reason code while password changing: SAMR_REJECT_IN_HISTORY which
is different from SAMR_REJECT_COMPLEXITY.

torture test to follow as well.

Guenther
(This used to be commit 7513748208)
2007-10-10 14:18:59 -05:00
Jelmer Vernooij
0329d755a7 r17930: Merge noinclude branch:
* Move dlinklist.h, smb.h to subsystem-specific directories
 * Clean up ads.h and move what is left of it to dsdb/
   (only place where it's used)
(This used to be commit f7afa1cb77)
2007-10-10 14:16:54 -05:00
Stefan Metzmacher
7a845bcb01 r17341: pass a messaging context to auth_context_create()
and gensec_server_start().

calling them with NULL for event context or messaging context
is no longer allowed!

metze
(This used to be commit 679ac74e71)
2007-10-10 14:15:17 -05:00
Jelmer Vernooij
e002300f23 r15328: Move some functions around, remove dependencies.
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3)
2007-10-10 14:05:17 -05:00
Stefan Metzmacher
9424766ee0 r14856: fix bugs noticed by the ibm code checker
metze
(This used to be commit f72e7d9dcd)
2007-10-10 13:59:43 -05:00
Jelmer Vernooij
8528016978 r14464: Don't include ndr_BASENAME.h files unless strictly required, instead
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca51)
2007-10-10 13:57:27 -05:00
Jelmer Vernooij
e3f2414cf9 r14380: Reduce the size of structs.h
(This used to be commit 1a16a6f1df)
2007-10-10 13:57:16 -05:00
Jelmer Vernooij
ba564a901e r13903: Don't generate prototypes for modules and binaries in include/proto.h by
default.
(This used to be commit c80a8f1102)
2007-10-10 13:52:21 -05:00
Andrew Bartlett
28d78c40ad r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our
case) as the keytab.

This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).

Andrew Bartlett
(This used to be commit 849500d1aa)
2007-10-10 13:51:26 -05:00
Andrew Bartlett
f55ea8bb3d r12804: This patch reworks the Samba4 sockets layer to use a socket_address
structure that is more generic than just 'IP/port'.

It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).

This passes 'make test' as well as kerberos use (not currently in the
testsuite).

The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again.   It also removes nbt_peer_addr, which was being used
for a similar purpose.

It is a large change, but worthwhile I feel.

Andrew Bartlett
(This used to be commit 88198c4881)
2007-10-10 13:49:57 -05:00
Andrew Bartlett
c6bbeded15 r12683: Fix declaration and initialisation placement.
Andrew Bartlett
(This used to be commit 17e20930ec)
2007-10-10 13:49:37 -05:00
Andrew Bartlett
8cd5930a4b r12682: This patch finally fixes our kpasswdd implementation to be compatible
with clients compiled against the MIT Kerberos implementation.  (Which
checks for address in KRB-PRIV packets, hence my comments on socket
functions earlier today).

It also fixes the 'set password' operation to behave correctly (it was
previously a no-op).

This allows Samba3 to join Samba4.  Some winbindd operations even work,
which I think is a good step forward.  There is naturally a lot of work
to do, but I wanted at least the very basics of Samba3 domain membership
to be available for the tech preview.

Andrew Bartlett
(This used to be commit 4e80a557f9)
2007-10-10 13:49:37 -05:00
Jelmer Vernooij
2cd5ca7d25 r12542: Move some more prototypes out to seperate headers
(This used to be commit 0aca5fd513)
2007-10-10 13:47:55 -05:00
Andrew Bartlett
15c1df2e8a r11437: Fix (valid!) use of uninitialised value warnings.
Andrew Bartlett
(This used to be commit 64b9ea642b)
2007-10-10 13:45:37 -05:00
Stefan Metzmacher
29a3b138a2 r11241: - fix compiler warning
- fix comment

metze
(This used to be commit 4f999625a1)
2007-10-10 13:45:06 -05:00
Andrew Bartlett
16bbafb7e8 r11239: Use ${REALM} for the realm in rootdse.ldif
Add the kpasswd server to our KDC, implementing the 'original' and
Microsoft versions of the protocol.

This works with the Heimdal kpasswd client, but not with MIT, I think
due to ordering issues.  It may not be worth the pain to have this
code go via GENSEC, as it is very, very tied to krb5.

This gets us one step closer to joins from Apple, Samba3 and other
similar implementations.

Andrew Bartlett
(This used to be commit ab5dbbe10a)
2007-10-10 13:45:06 -05:00