1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

125 Commits

Author SHA1 Message Date
Jelmer Vernooij
172a83d724 r15573: Fix build of systems that have iconv headers in non-standard locations
Split of system/locale.h header from system/iconv.h

Previously, iconv wasn't being used on these systems
(This used to be commit aa6d66fda6)
2007-10-10 14:05:58 -05:00
Andrew Bartlett
490d6120a9 r15497: I'm not really sure this is correct in terms of how we should be responding to
krbtgt/MY.REALM@MY.REALM

TGS ticket requests, but for the moment, these are still marked as
'server' requests by the kerberos5.c caller.

Andrew Bartlett
(This used to be commit afaee0a6b7)
2007-10-10 14:05:42 -05:00
Andrew Bartlett
835926c879 r15481: Update heimdal/ to match current lorikeet-heimdal.
This includes many useful upstream changes, many of which should
reduce warnings in our compile.

It also includes a change to the HDB interface, which removes the need
for Samba4/lorikeet-heimdal to deviate from upstream for hdb_fetch().
The new flags replace the old entry type enum.

(This required the rework in hdb-ldb.c included in this commit)

Andrew Bartlett
(This used to be commit ef5604b877)
2007-10-10 14:05:39 -05:00
Andrew Bartlett
7a0b65efce r15480: Patch from lha, to ensure we don't leave a free()'ed element in the
principal on strdup failure.

Andrew Bartlett
(This used to be commit d72fafc1f0)
2007-10-10 14:05:39 -05:00
Jelmer Vernooij
5c3a1d76ff r15379: Fix shared library build's unresolved dependencies
(This used to be commit 0fafa2e595)
2007-10-10 14:05:29 -05:00
Andrew Bartlett
c2cc10c786 r15356: Remove unused 'flags' argument from socket_send() and friends.
This is in preperation for making TLS a socket library.

Andrew Bartlett
(This used to be commit a312812b92)
2007-10-10 14:05:25 -05:00
Jelmer Vernooij
20b3b0f2e3 r15338: Fix build of most things with shared libs enabled.
(This used to be commit 8985093d3f)
2007-10-10 14:05:18 -05:00
Jelmer Vernooij
e002300f23 r15328: Move some functions around, remove dependencies.
Remove some autogenerated headers (which had prototypes now autogenerated by pidl)
Remove ndr_security.h from a few places - it's no longer necessary
(This used to be commit c19c2b51d3)
2007-10-10 14:05:17 -05:00
Jelmer Vernooij
b00c236906 r15301: Use static libraries internally. This required a few hacks in the build
system - these should be removed later on.
(This used to be commit 0654739166)
2007-10-10 14:05:07 -05:00
Jelmer Vernooij
710ea94988 r15297: Move create_security_token() to samdb as it requires SAMDB (and the rest of LIBSECURITY doesn't)
Make the ldb password_hash module only depend on some keys manipulation code, not full heimdal
Some other dependency fixes
(This used to be commit 5b3ab728ed)
2007-10-10 14:05:04 -05:00
Jelmer Vernooij
f5bc4a72c5 r15270: Rename EXTRA_CFLAGS to CFLAGS - initial work on getting DSO's working again.
(This used to be commit 33e4b92c46)
2007-10-10 14:04:59 -05:00
Jelmer Vernooij
82f1955314 r15223: Move heimdal's -I parameters from the global list of includes to
the subsystems in question
(This used to be commit 2fbb4d91fa)
2007-10-10 14:04:20 -05:00
Jelmer Vernooij
69b51f702a r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacement
for REQUIRED_SUBSYSTEMS.
(This used to be commit adc8a019b6)
2007-10-10 14:04:18 -05:00
Stefan Metzmacher
9424766ee0 r14856: fix bugs noticed by the ibm code checker
metze
(This used to be commit f72e7d9dcd)
2007-10-10 13:59:43 -05:00
Jelmer Vernooij
c06acda7d5 r14571: More improvements on shared library support in Samba. Only ldb is left now...
(This used to be commit e71cca7f0c)
2007-10-10 13:58:49 -05:00
Jelmer Vernooij
9565c70898 r14567: Make some more functions public.
(This used to be commit 8e84e6cb6b)
2007-10-10 13:58:48 -05:00
Jelmer Vernooij
35349a58df r14542: Remove librpc, libndr and libnbt from includes.h
(This used to be commit 51b4270513)
2007-10-10 13:58:42 -05:00
Stefan Metzmacher
881f32a091 r14537: remove used file
metze
(This used to be commit e3f6e53075)
2007-10-10 13:58:41 -05:00
Jelmer Vernooij
71b4fd9792 r14477: Remove the NOPROTO property - it's no longer used as proto.h is gone.
(This used to be commit 9c37f847d3)
2007-10-10 13:57:30 -05:00
Jelmer Vernooij
8528016978 r14464: Don't include ndr_BASENAME.h files unless strictly required, instead
try to include just the BASENAME.h files (containing only structs)
(This used to be commit 3dd477ca51)
2007-10-10 13:57:27 -05:00
Andrew Tridgell
4ce5f82979 r14427: don't reference short_princ after it is freed
(This used to be commit 8ca4681861)
2007-10-10 13:57:22 -05:00
Jelmer Vernooij
e3f2414cf9 r14380: Reduce the size of structs.h
(This used to be commit 1a16a6f1df)
2007-10-10 13:57:16 -05:00
Andrew Bartlett
bc4156e6e2 r14203: Include less private heimdal headers.
Andrew Bartlett
(This used to be commit ce80425f6d)
2007-10-10 13:57:00 -05:00
Stefan Metzmacher
651ca6553e r14079: I just found the setproctitle library from alt linux:-)
- add set_title hook to the process models
- use setproctitle library in process_model standard if available
- the the title for the task servers and on connections

metze
(This used to be commit 526f20bbec)
2007-10-10 13:56:49 -05:00
Jelmer Vernooij
ceb6e9717b r13960: Generate makefile rules for installing/removing shared modules.
(This used to be commit 2c74698032)
2007-10-10 13:52:32 -05:00
Jelmer Vernooij
9bd7dd9121 r13926: More header splitups.
(This used to be commit 930daa9f41)
2007-10-10 13:52:26 -05:00
Jelmer Vernooij
4ac2be9958 r13924: Split more prototypes out of include/proto.h + initial work on header
file dependencies
(This used to be commit 1228358767)
2007-10-10 13:52:24 -05:00
Andrew Bartlett
61fe79d022 r13910: Fix the 'your password has expired' on every login. We now consider
if the 'password does not expire' flag has been set, filling in the
PAC and netlogon reply correctly if so.

Andrew Bartlett
(This used to be commit c530ab5dc6)
2007-10-10 13:52:22 -05:00
Jelmer Vernooij
ba564a901e r13903: Don't generate prototypes for modules and binaries in include/proto.h by
default.
(This used to be commit c80a8f1102)
2007-10-10 13:52:21 -05:00
Andrew Bartlett
576cdc713c r13516: We can't bind to both 0.0.0.0 and specific network interfaces at the
same time.

This was causing the kdc to shut itself down if 'bind interfaces only = no'.

Andrew Bartlett
(This used to be commit 02ff22a250)
2007-10-10 13:51:56 -05:00
Andrew Bartlett
c838f4965b r13321: Bind to each interface and to the 0.0.0.0 interface on the KDC. This
was pointed out by Maurice Massar.  It ensures we get the addresses
for the krb5_mk_priv() correct (otherwise an MIT kpasswdd fails over
localhost).

Also never run the KDC unless we are a DC.

Andrew Bartlett
(This used to be commit c170079184)
2007-10-10 13:51:44 -05:00
Andrew Bartlett
13c1f1b6f1 r13252: Cleanup, both in code, comments and talloc use:
In particular, I've used the --leak-report-full option to smbd to
track down memory that shouldn't be on a long-term context.  This is
now talloc_free()ed much earlier.

Andrew Bartlett
(This used to be commit c6eb74f429)
2007-10-10 13:51:38 -05:00
Andrew Bartlett
654a21178f r13207: Use the new API for using/not using kerbeors in hdb-ldb.c
Update the rootdse module to use the new schema.

Andrew Bartlett
(This used to be commit b0b150d08a)
2007-10-10 13:51:34 -05:00
Andrew Bartlett
28d78c40ad r13107: Follow the lead of Heimdal's kpasswdd and use the HDB (hdb-ldb in our
case) as the keytab.

This avoids issues in replicated setups, as we will replicate the
kpasswd key correctly (including from windows, which is why I care at
the moment).

Andrew Bartlett
(This used to be commit 849500d1aa)
2007-10-10 13:51:26 -05:00
Andrew Tridgell
e239a46dbc r13069: adding a hack on instructions from andrew
(This used to be commit 65cf522b5e)
2007-10-10 13:51:21 -05:00
Andrew Bartlett
f55ea8bb3d r12804: This patch reworks the Samba4 sockets layer to use a socket_address
structure that is more generic than just 'IP/port'.

It now passes make test, and has been reviewed and updated by
metze. (Thankyou *very* much).

This passes 'make test' as well as kerberos use (not currently in the
testsuite).

The original purpose of this patch was to have Samba able to pass a
socket address stucture from the BSD layer into the kerberos routines
and back again.   It also removes nbt_peer_addr, which was being used
for a similar purpose.

It is a large change, but worthwhile I feel.

Andrew Bartlett
(This used to be commit 88198c4881)
2007-10-10 13:49:57 -05:00
Jelmer Vernooij
63d718e243 r12696: Reduce the size of include/structs.h
(This used to be commit 6391761601)
2007-10-10 13:49:40 -05:00
Andrew Bartlett
c6bbeded15 r12683: Fix declaration and initialisation placement.
Andrew Bartlett
(This used to be commit 17e20930ec)
2007-10-10 13:49:37 -05:00
Andrew Bartlett
8cd5930a4b r12682: This patch finally fixes our kpasswdd implementation to be compatible
with clients compiled against the MIT Kerberos implementation.  (Which
checks for address in KRB-PRIV packets, hence my comments on socket
functions earlier today).

It also fixes the 'set password' operation to behave correctly (it was
previously a no-op).

This allows Samba3 to join Samba4.  Some winbindd operations even work,
which I think is a good step forward.  There is naturally a lot of work
to do, but I wanted at least the very basics of Samba3 domain membership
to be available for the tech preview.

Andrew Bartlett
(This used to be commit 4e80a557f9)
2007-10-10 13:49:37 -05:00
Andrew Bartlett
2d9bd9b3a5 r12681: Allow an entry to have no kerberos keys. This occours when an entry
is new, and has no password.  It may also occour in the future if we
allow PKINIT.  In any case, it shouldn't segfault :-)

Andrew Bartlett
(This used to be commit 686fea241b)
2007-10-10 13:49:37 -05:00
Andrew Bartlett
cf07cd3fee r12631: Now we have fixed the provision script, we don't need to work around
it here.

Andrew Bartlett
(This used to be commit f282fab611)
2007-10-10 13:49:10 -05:00
Andrew Bartlett
c82c9fe7bb r12599: This new LDB module (and associated changes) allows Samba4 to operate
using pre-calculated passwords for all kerberos key types.
(Previously we could only use these for the NT# type).

The module handles all of the hash/string2key tasks for all parts of
Samba, which was previously in the rpc_server/samr/samr_password.c
code.  We also update the msDS-KeyVersionNumber, and the password
history.  This new module can be called at provision time, which
ensures we start with a database that is consistent in this respect.

By ensuring that the krb5key attribute is the only one we need to
retrieve, this also simplifies the run-time KDC logic.  (Each value of
the multi-valued attribute is encoded as a 'Key' in ASN.1, using the
definition from Heimdal's HDB.  This simplfies the KDC code.).

It is hoped that this will speed up the KDC enough that it can again
operate under valgrind.
(This used to be commit e902274321)
2007-10-10 13:49:01 -05:00
Jelmer Vernooij
2cd5ca7d25 r12542: Move some more prototypes out to seperate headers
(This used to be commit 0aca5fd513)
2007-10-10 13:47:55 -05:00
Jelmer Vernooij
d8e35f8828 r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not using
the difference between these at all, and in the future the
fact that INIT_OBJ_FILES include smb_build.h will be sufficient to
have recompiles at the right time.
(This used to be commit b24f2583ed)
2007-10-10 13:47:45 -05:00
Andrew Bartlett
4a56399798 r12383: Fixes for Apple's AD client. Don't segfualt in the KDC, and they
require the isSynchronized flag in the rootDSE.

Andrew Bartlett
(This used to be commit e48464c884)
2007-10-10 13:47:33 -05:00
Andrew Bartlett
512b94803d r12362: Along with a cracknames change in the previous commit, this should
allow Win2000 machines to again use kerberos with Samba4.

Andrew Bartlett
(This used to be commit 5770409dcd)
2007-10-10 13:47:31 -05:00
Andrew Bartlett
a30726581e r12327: ENT_TYPE_ANY isn't used anywhere in Samba4, so don't implement it in hdb-ldb.
Andrew Bartlett
(This used to be commit 96e124b7bb)
2007-10-10 13:47:30 -05:00
Andrew Bartlett
fbf106f670 r12269: Update to current lorikeet-heimdal. This changed the way the hdb
interface worked, so hdb-ldb.c and the glue have been updated.

Andrew Bartlett
(This used to be commit 8fd5224c6b)
2007-10-10 13:47:26 -05:00
Andrew Bartlett
172a8b477e r12179: Allow our KDC to use LDAP to get to the backend database.
To avoid a circular depenency, it is not allowed to use Krb5 as an
authentication mechanism, so this must be removed from the list.  An
extension to the credentials system allows this function.

Also remove proto.h use for any of the KDC, and use NTSTATUS returns
in more places.

Andrew Bartlett
(This used to be commit 5f9dddd02c)
2007-10-10 13:47:16 -05:00
Stefan Metzmacher
3ef038b267 r12121: remove some dublicate code
metze
(This used to be commit 2fe8a643d3)
2007-10-10 13:47:11 -05:00